{
  "matches": [
    {
      "vulnerability": {
        "id": "CVE-2024-5535",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2024-5535",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.0",
            "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 5.9,
              "exploitabilityScore": 2.3,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2024-5535",
            "epss": 0.06702,
            "percentile": 0.91493,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2024-5535",
            "cwe": "CWE-125",
            "source": "openssl-security@openssl.org",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 2.9823900000000005
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2024-5535",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-5535",
          "namespace": "nvd:cpe",
          "severity": "Critical",
          "urls": [
            "https://github.com/openssl/openssl/commit/4ada436a1946cbb24db5ab4ca082b69c1bc10f37",
            "https://github.com/openssl/openssl/commit/99fb785a5f85315b95288921a321a935ea29a51e",
            "https://github.com/openssl/openssl/commit/cf6f91f6121f4db167405db2f0de410a456f260c",
            "https://github.com/openssl/openssl/commit/e86ac436f0bd54d4517745483e2315650fae7b2c",
            "https://github.openssl.org/openssl/extended-releases/commit/9947251413065a05189a63c9b7a6c1d4e224c21c",
            "https://github.openssl.org/openssl/extended-releases/commit/b78ec0824da857223486660177d3b1f255c65d87",
            "https://www.openssl.org/news/secadv/20240627.txt",
            "http://www.openwall.com/lists/oss-security/2024/06/27/1",
            "http://www.openwall.com/lists/oss-security/2024/06/28/4",
            "http://www.openwall.com/lists/oss-security/2024/08/15/1",
            "https://lists.debian.org/debian-lts-announce/2024/10/msg00033.html",
            "https://lists.debian.org/debian-lts-announce/2024/11/msg00000.html",
            "https://security.netapp.com/advisory/ntap-20240712-0005/",
            "https://security.netapp.com/advisory/ntap-20241025-0006/",
            "https://security.netapp.com/advisory/ntap-20241025-0010/",
            "https://cert-portal.siemens.com/productcert/html/ssa-265688.html",
            "https://cert-portal.siemens.com/productcert/html/ssa-277137.html",
            "https://cert-portal.siemens.com/productcert/html/ssa-398330.html",
            "https://cert-portal.siemens.com/productcert/html/ssa-613116.html",
            "https://cert-portal.siemens.com/productcert/html/ssa-769027.html",
            "https://cert-portal.siemens.com/productcert/html/ssa-915275.html"
          ],
          "description": "Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an\nempty supported client protocols buffer may cause a crash or memory contents to\nbe sent to the peer.\n\nImpact summary: A buffer overread can have a range of potential consequences\nsuch as unexpected application beahviour or a crash. In particular this issue\ncould result in up to 255 bytes of arbitrary private data from memory being sent\nto the peer leading to a loss of confidentiality. However, only applications\nthat directly call the SSL_select_next_proto function with a 0 length list of\nsupported client protocols are affected by this issue. This would normally never\nbe a valid scenario and is typically not under attacker control but may occur by\naccident in the case of a configuration or programming error in the calling\napplication.\n\nThe OpenSSL API function SSL_select_next_proto is typically used by TLS\napplications that support ALPN (Application Layer Protocol Negotiation) or NPN\n(Next Protocol Negotiation). NPN is older, was never standardised and\nis deprecated in favour of ALPN. We believe that ALPN is significantly more\nwidely deployed than NPN. The SSL_select_next_proto function accepts a list of\nprotocols from the server and a list of protocols from the client and returns\nthe first protocol that appears in the server list that also appears in the\nclient list. In the case of no overlap between the two lists it returns the\nfirst item in the client list. In either case it will signal whether an overlap\nbetween the two lists was found. In the case where SSL_select_next_proto is\ncalled with a zero length client list it fails to notice this condition and\nreturns the memory immediately following the client list pointer (and reports\nthat there was no overlap in the lists).\n\nThis function is typically called from a server side application callback for\nALPN or a client side application callback for NPN. 
In the case of ALPN the list\nof protocols supplied by the client is guaranteed by libssl to never be zero in\nlength. The list of server protocols comes from the application and should never\nnormally be expected to be of zero length. In this case if the\nSSL_select_next_proto function has been called as expected (with the list\nsupplied by the client passed in the client/client_len parameters), then the\napplication will not be vulnerable to this issue. If the application has\naccidentally been configured with a zero length server list, and has\naccidentally passed that zero length server list in the client/client_len\nparameters, and has additionally failed to correctly handle a \"no overlap\"\nresponse (which would normally result in a handshake failure in ALPN) then it\nwill be vulnerable to this problem.\n\nIn the case of NPN, the protocol permits the client to opportunistically select\na protocol when there is no overlap. OpenSSL returns the first client protocol\nin the no overlap case in support of this. The list of client protocols comes\nfrom the application and should never normally be expected to be of zero length.\nHowever if the SSL_select_next_proto function is accidentally called with a\nclient_len of 0 then an invalid memory pointer will be returned instead. If the\napplication uses this output as the opportunistic protocol then the loss of\nconfidentiality will occur.\n\nThis issue has been assessed as Low severity because applications are most\nlikely to be vulnerable if they are using NPN instead of ALPN - but NPN is not\nwidely used. It also requires an application configuration or programming error.\nFinally, this issue would not typically be under attacker control making active\nexploitation unlikely.\n\nThe FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\nDue to the low severity of this issue we are not issuing new releases of\nOpenSSL at this time. 
The fix will be included in the next releases when they\nbecome available.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
              "metrics": {
                "baseScore": 9.1,
                "exploitabilityScore": 3.9,
                "impactScore": 5.2
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2024-5535",
              "epss": 0.06702,
              "percentile": 0.91493,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2024-5535",
              "cwe": "CWE-125",
              "source": "openssl-security@openssl.org",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "openssl",
              "version": "1:3.5.5-4.el10_2"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2024-5535",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "f614b5caa1deba16",
        "name": "openssl",
        "version": "1:3.5.5-4.el10_2",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "Apache-2.0"
        ],
        "cpes": [
          "cpe:2.3:a:openssl:openssl:1\\:3.5.5-4.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:openssl:1\\:3.5.5-4.el10_2:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/openssl@3.5.5-4.el10_2?arch=x86_64&distro=rhel-10.2&epoch=1&upstream=openssl-3.5.5-4.el10_2.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": 1,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2024-5535",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2024-5535",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.0",
            "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 5.9,
              "exploitabilityScore": 2.3,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2024-5535",
            "epss": 0.06702,
            "percentile": 0.91493,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2024-5535",
            "cwe": "CWE-125",
            "source": "openssl-security@openssl.org",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 2.9823900000000005
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2024-5535",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-5535",
          "namespace": "nvd:cpe",
          "severity": "Critical",
          "urls": [
            "https://github.com/openssl/openssl/commit/4ada436a1946cbb24db5ab4ca082b69c1bc10f37",
            "https://github.com/openssl/openssl/commit/99fb785a5f85315b95288921a321a935ea29a51e",
            "https://github.com/openssl/openssl/commit/cf6f91f6121f4db167405db2f0de410a456f260c",
            "https://github.com/openssl/openssl/commit/e86ac436f0bd54d4517745483e2315650fae7b2c",
            "https://github.openssl.org/openssl/extended-releases/commit/9947251413065a05189a63c9b7a6c1d4e224c21c",
            "https://github.openssl.org/openssl/extended-releases/commit/b78ec0824da857223486660177d3b1f255c65d87",
            "https://www.openssl.org/news/secadv/20240627.txt",
            "http://www.openwall.com/lists/oss-security/2024/06/27/1",
            "http://www.openwall.com/lists/oss-security/2024/06/28/4",
            "http://www.openwall.com/lists/oss-security/2024/08/15/1",
            "https://lists.debian.org/debian-lts-announce/2024/10/msg00033.html",
            "https://lists.debian.org/debian-lts-announce/2024/11/msg00000.html",
            "https://security.netapp.com/advisory/ntap-20240712-0005/",
            "https://security.netapp.com/advisory/ntap-20241025-0006/",
            "https://security.netapp.com/advisory/ntap-20241025-0010/",
            "https://cert-portal.siemens.com/productcert/html/ssa-265688.html",
            "https://cert-portal.siemens.com/productcert/html/ssa-277137.html",
            "https://cert-portal.siemens.com/productcert/html/ssa-398330.html",
            "https://cert-portal.siemens.com/productcert/html/ssa-613116.html",
            "https://cert-portal.siemens.com/productcert/html/ssa-769027.html",
            "https://cert-portal.siemens.com/productcert/html/ssa-915275.html"
          ],
          "description": "Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an\nempty supported client protocols buffer may cause a crash or memory contents to\nbe sent to the peer.\n\nImpact summary: A buffer overread can have a range of potential consequences\nsuch as unexpected application beahviour or a crash. In particular this issue\ncould result in up to 255 bytes of arbitrary private data from memory being sent\nto the peer leading to a loss of confidentiality. However, only applications\nthat directly call the SSL_select_next_proto function with a 0 length list of\nsupported client protocols are affected by this issue. This would normally never\nbe a valid scenario and is typically not under attacker control but may occur by\naccident in the case of a configuration or programming error in the calling\napplication.\n\nThe OpenSSL API function SSL_select_next_proto is typically used by TLS\napplications that support ALPN (Application Layer Protocol Negotiation) or NPN\n(Next Protocol Negotiation). NPN is older, was never standardised and\nis deprecated in favour of ALPN. We believe that ALPN is significantly more\nwidely deployed than NPN. The SSL_select_next_proto function accepts a list of\nprotocols from the server and a list of protocols from the client and returns\nthe first protocol that appears in the server list that also appears in the\nclient list. In the case of no overlap between the two lists it returns the\nfirst item in the client list. In either case it will signal whether an overlap\nbetween the two lists was found. In the case where SSL_select_next_proto is\ncalled with a zero length client list it fails to notice this condition and\nreturns the memory immediately following the client list pointer (and reports\nthat there was no overlap in the lists).\n\nThis function is typically called from a server side application callback for\nALPN or a client side application callback for NPN. 
In the case of ALPN the list\nof protocols supplied by the client is guaranteed by libssl to never be zero in\nlength. The list of server protocols comes from the application and should never\nnormally be expected to be of zero length. In this case if the\nSSL_select_next_proto function has been called as expected (with the list\nsupplied by the client passed in the client/client_len parameters), then the\napplication will not be vulnerable to this issue. If the application has\naccidentally been configured with a zero length server list, and has\naccidentally passed that zero length server list in the client/client_len\nparameters, and has additionally failed to correctly handle a \"no overlap\"\nresponse (which would normally result in a handshake failure in ALPN) then it\nwill be vulnerable to this problem.\n\nIn the case of NPN, the protocol permits the client to opportunistically select\na protocol when there is no overlap. OpenSSL returns the first client protocol\nin the no overlap case in support of this. The list of client protocols comes\nfrom the application and should never normally be expected to be of zero length.\nHowever if the SSL_select_next_proto function is accidentally called with a\nclient_len of 0 then an invalid memory pointer will be returned instead. If the\napplication uses this output as the opportunistic protocol then the loss of\nconfidentiality will occur.\n\nThis issue has been assessed as Low severity because applications are most\nlikely to be vulnerable if they are using NPN instead of ALPN - but NPN is not\nwidely used. It also requires an application configuration or programming error.\nFinally, this issue would not typically be under attacker control making active\nexploitation unlikely.\n\nThe FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\nDue to the low severity of this issue we are not issuing new releases of\nOpenSSL at this time. 
The fix will be included in the next releases when they\nbecome available.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
              "metrics": {
                "baseScore": 9.1,
                "exploitabilityScore": 3.9,
                "impactScore": 5.2
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2024-5535",
              "epss": 0.06702,
              "percentile": 0.91493,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2024-5535",
              "cwe": "CWE-125",
              "source": "openssl-security@openssl.org",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "openssl",
              "version": "3.5.5-4.el10_2"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2024-5535",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "a04fa80016994e00",
        "name": "openssl-libs",
        "version": "1:3.5.5-4.el10_2",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "Apache-2.0"
        ],
        "cpes": [
          "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.5-4.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.5-4.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.5-4.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.5-4.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.5-4.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.5-4.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.5-4.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.5-4.el10_2:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/openssl-libs@3.5.5-4.el10_2?arch=x86_64&distro=rhel-10.2&epoch=1&upstream=openssl-3.5.5-4.el10_2.src.rpm",
        "upstreams": [
          {
            "name": "openssl",
            "version": "3.5.5-4.el10_2"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": 1,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2024-34459",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2024-34459",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 5.5,
              "exploitabilityScore": 1.9,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2024-34459",
            "epss": 0.04197,
            "percentile": 0.89019,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2024-34459",
            "cwe": "CWE-122",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 1.7837250000000002
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2024-34459",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-34459",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://gitlab.gnome.org/GNOME/libxml2/-/issues/720",
            "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.8",
            "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.7",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/",
            "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html",
            "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/",
            "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/",
            "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/"
          ],
          "description": "An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2024-34459",
              "epss": 0.04197,
              "percentile": 0.89019,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2024-34459",
              "cwe": "CWE-122",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "libxml2",
              "version": "0:2.12.5-10.el10"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2024-34459",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "fd8a4e4169e6e582",
        "name": "libxml2",
        "version": "2.12.5-10.el10",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "MIT AND ISC-Veillard AND W3C"
        ],
        "cpes": [
          "cpe:2.3:a:libxml2:libxml2:2.12.5-10.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libxml2:2.12.5-10.el10:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/libxml2@2.12.5-10.el10?arch=x86_64&distro=rhel-10.2&upstream=libxml2-2.12.5-10.el10.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2024-28834",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2024-28834",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "metrics": {
              "baseScore": 5.3,
              "exploitabilityScore": 1.7,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2024-28834",
            "epss": 0.02116,
            "percentile": 0.84547,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2024-28834",
            "cwe": "CWE-327",
            "source": "secalert@redhat.com",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 1.0897400000000002
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2024-28834",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-28834",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://access.redhat.com/errata/RHSA-2024:1784",
            "https://access.redhat.com/errata/RHSA-2024:1879",
            "https://access.redhat.com/errata/RHSA-2024:1997",
            "https://access.redhat.com/errata/RHSA-2024:2044",
            "https://access.redhat.com/errata/RHSA-2024:2570",
            "https://access.redhat.com/errata/RHSA-2024:2889",
            "https://access.redhat.com/security/cve/CVE-2024-28834",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2269228",
            "https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html",
            "https://minerva.crocs.fi.muni.cz/",
            "http://www.openwall.com/lists/oss-security/2024/03/22/1",
            "http://www.openwall.com/lists/oss-security/2024/03/22/2",
            "https://lists.debian.org/debian-lts-announce/2024/09/msg00019.html",
            "https://people.redhat.com/~hkario/marvin/",
            "https://security.netapp.com/advisory/ntap-20240524-0004/"
          ],
          "description": "A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.",
          "cvss": [
            {
              "source": "secalert@redhat.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 1.7,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2024-28834",
              "epss": 0.02116,
              "percentile": 0.84547,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2024-28834",
              "cwe": "CWE-327",
              "source": "secalert@redhat.com",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "gnutls",
              "version": "0:3.8.10-4.el10_2"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2024-28834",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "960232d7862f3dc5",
        "name": "gnutls",
        "version": "3.8.10-4.el10_2",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "GPL-3.0-or-later AND LGPL-2.1-or-later"
        ],
        "cpes": [
          "cpe:2.3:a:gnutls:gnutls:3.8.10-4.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:gnutls:3.8.10-4.el10_2:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/gnutls@3.8.10-4.el10_2?arch=x86_64&distro=rhel-10.2&upstream=gnutls-3.8.10-4.el10_2.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2024-12243",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2024-12243",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows a remote attacker to send a specially crafted certificate, causing GnuTLS to become unresponsive or slow, resulting in a denial-of-service condition.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "metrics": {
              "baseScore": 5.3,
              "exploitabilityScore": 3.9,
              "impactScore": 1.5
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2024-12243",
            "epss": 0.01227,
            "percentile": 0.79632,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2024-12243",
            "cwe": "CWE-407",
            "source": "secalert@redhat.com",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.6319049999999999
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2024-12243",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-12243",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://access.redhat.com/errata/RHSA-2025:17361",
            "https://access.redhat.com/errata/RHSA-2025:4051",
            "https://access.redhat.com/errata/RHSA-2025:7076",
            "https://access.redhat.com/errata/RHSA-2025:8020",
            "https://access.redhat.com/errata/RHSA-2025:8385",
            "https://access.redhat.com/security/cve/CVE-2024-12243",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2344615",
            "https://gitlab.com/gnutls/gnutls/-/issues/1553",
            "https://gitlab.com/gnutls/libtasn1/-/issues/52",
            "https://lists.debian.org/debian-lts-announce/2025/02/msg00027.html",
            "https://security.netapp.com/advisory/ntap-20250523-0002/",
            "https://cert-portal.siemens.com/productcert/html/ssa-082556.html",
            "https://cert-portal.siemens.com/productcert/html/ssa-202008.html"
          ],
          "description": "A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows a remote attacker to send a specially crafted certificate, causing GnuTLS to become unresponsive or slow, resulting in a denial-of-service condition.",
          "cvss": [
            {
              "source": "secalert@redhat.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 3.9,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2024-12243",
              "epss": 0.01227,
              "percentile": 0.79632,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2024-12243",
              "cwe": "CWE-407",
              "source": "secalert@redhat.com",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "gnutls",
              "version": "0:3.8.10-4.el10_2"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2024-12243",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "960232d7862f3dc5",
        "name": "gnutls",
        "version": "3.8.10-4.el10_2",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "GPL-3.0-or-later AND LGPL-2.1-or-later"
        ],
        "cpes": [
          "cpe:2.3:a:gnutls:gnutls:3.8.10-4.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:gnutls:3.8.10-4.el10_2:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/gnutls@3.8.10-4.el10_2?arch=x86_64&distro=rhel-10.2&upstream=gnutls-3.8.10-4.el10_2.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2024-11053",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "metrics": {
              "baseScore": 5.9,
              "exploitabilityScore": 2.3,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2024-11053",
            "epss": 0.01285,
            "percentile": 0.80107,
            "date": "2026-06-14"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.5718250000000001
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2024-11053",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053",
          "namespace": "nvd:cpe",
          "severity": "Low",
          "urls": [
            "https://curl.se/docs/CVE-2024-11053.html",
            "https://curl.se/docs/CVE-2024-11053.json",
            "https://hackerone.com/reports/2829063",
            "http://www.openwall.com/lists/oss-security/2024/12/11/1",
            "https://security.netapp.com/advisory/ntap-20250124-0012/",
            "https://security.netapp.com/advisory/ntap-20250131-0003/",
            "https://security.netapp.com/advisory/ntap-20250131-0004/"
          ],
          "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N",
              "metrics": {
                "baseScore": 3.4,
                "exploitabilityScore": 1.7,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2024-11053",
              "epss": 0.01285,
              "percentile": 0.80107,
              "date": "2026-06-14"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "curl",
              "version": "0:8.12.1-4.el10"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2024-11053",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "134f672de8a7541b",
        "name": "curl",
        "version": "8.12.1-4.el10",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "curl"
        ],
        "cpes": [
          "cpe:2.3:a:redhat:curl:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:curl:curl:8.12.1-4.el10:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/curl@8.12.1-4.el10?arch=x86_64&distro=rhel-10.2&upstream=curl-8.12.1-4.el10.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2024-11053",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "metrics": {
              "baseScore": 5.9,
              "exploitabilityScore": 2.3,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2024-11053",
            "epss": 0.01285,
            "percentile": 0.80107,
            "date": "2026-06-14"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.5718250000000001
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2024-11053",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053",
          "namespace": "nvd:cpe",
          "severity": "Low",
          "urls": [
            "https://curl.se/docs/CVE-2024-11053.html",
            "https://curl.se/docs/CVE-2024-11053.json",
            "https://hackerone.com/reports/2829063",
            "http://www.openwall.com/lists/oss-security/2024/12/11/1",
            "https://security.netapp.com/advisory/ntap-20250124-0012/",
            "https://security.netapp.com/advisory/ntap-20250131-0003/",
            "https://security.netapp.com/advisory/ntap-20250131-0004/"
          ],
          "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N",
              "metrics": {
                "baseScore": 3.4,
                "exploitabilityScore": 1.7,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2024-11053",
              "epss": 0.01285,
              "percentile": 0.80107,
              "date": "2026-06-14"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "curl",
              "version": "8.12.1-4.el10"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2024-11053",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "e0443590b9f5633b",
        "name": "libcurl-minimal",
        "version": "8.12.1-4.el10",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "curl"
        ],
        "cpes": [
          "cpe:2.3:a:libcurl-minimal:libcurl-minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl-minimal:libcurl_minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl_minimal:libcurl-minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl_minimal:libcurl_minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl:libcurl-minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl:libcurl_minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libcurl-minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libcurl_minimal:8.12.1-4.el10:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/libcurl-minimal@8.12.1-4.el10?arch=x86_64&distro=rhel-10.2&upstream=curl-8.12.1-4.el10.src.rpm",
        "upstreams": [
          {
            "name": "curl",
            "version": "8.12.1-4.el10"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2024-45490",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2024-45490",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in libexpat's xmlparse.c component. This vulnerability allows an attacker to cause improper handling of XML data by providing a negative length value to the XML_ParseBuffer function.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 7.5,
              "exploitabilityScore": 3.9,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2024-45490",
            "epss": 0.00613,
            "percentile": 0.70427,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2024-45490",
            "cwe": "CWE-611",
            "source": "nvd@nist.gov",
            "type": "Primary"
          },
          {
            "cve": "CVE-2024-45490",
            "cwe": "CWE-190",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.383125
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2024-45490",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-45490",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://github.com/libexpat/libexpat/issues/887",
            "https://github.com/libexpat/libexpat/pull/890",
            "http://seclists.org/fulldisclosure/2024/Dec/10",
            "http://seclists.org/fulldisclosure/2024/Dec/12",
            "http://seclists.org/fulldisclosure/2024/Dec/6",
            "http://seclists.org/fulldisclosure/2024/Dec/7",
            "http://seclists.org/fulldisclosure/2024/Dec/8",
            "https://lists.debian.org/debian-lts-announce/2024/09/msg00036.html",
            "https://security.netapp.com/advisory/ntap-20241018-0004/",
            "https://cert-portal.siemens.com/productcert/html/ssa-082556.html",
            "https://cert-portal.siemens.com/productcert/html/ssa-613116.html"
          ],
          "description": "An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "metrics": {
                "baseScore": 9.8,
                "exploitabilityScore": 3.9,
                "impactScore": 5.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2024-45490",
              "epss": 0.00613,
              "percentile": 0.70427,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2024-45490",
              "cwe": "CWE-611",
              "source": "nvd@nist.gov",
              "type": "Primary"
            },
            {
              "cve": "CVE-2024-45490",
              "cwe": "CWE-190",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "expat",
              "version": "0:2.7.3-1.el10_2.1"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2024-45490",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "777f6467c40e3cda",
        "name": "expat",
        "version": "2.7.3-1.el10_2.1",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "MIT"
        ],
        "cpes": [
          "cpe:2.3:a:redhat:expat:2.7.3-1.el10_2.1:*:*:*:*:*:*:*",
          "cpe:2.3:a:expat:expat:2.7.3-1.el10_2.1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/expat@2.7.3-1.el10_2.1?arch=x86_64&distro=rhel-10.2&upstream=expat-2.7.3-1.el10_2.1.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2024-7264",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H",
            "metrics": {
              "baseScore": 5.3,
              "exploitabilityScore": 1.1,
              "impactScore": 4.3
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2024-7264",
            "epss": 0.00882,
            "percentile": 0.75904,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2024-7264",
            "cwe": "CWE-125",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.36603
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2024-7264",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "http://www.openwall.com/lists/oss-security/2024/07/31/1",
            "https://curl.se/docs/CVE-2024-7264.html",
            "https://curl.se/docs/CVE-2024-7264.json",
            "https://hackerone.com/reports/2629968",
            "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519",
            "https://security.netapp.com/advisory/ntap-20240828-0008/",
            "https://security.netapp.com/advisory/ntap-20241025-0006/",
            "https://security.netapp.com/advisory/ntap-20241025-0010/"
          ],
          "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 6.5,
                "exploitabilityScore": 2.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
              "metrics": {
                "baseScore": 6.3,
                "exploitabilityScore": 2.9,
                "impactScore": 3.4
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2024-7264",
              "epss": 0.00882,
              "percentile": 0.75904,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2024-7264",
              "cwe": "CWE-125",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "curl",
              "version": "0:8.12.1-4.el10"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2024-7264",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "134f672de8a7541b",
        "name": "curl",
        "version": "8.12.1-4.el10",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "curl"
        ],
        "cpes": [
          "cpe:2.3:a:redhat:curl:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:curl:curl:8.12.1-4.el10:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/curl@8.12.1-4.el10?arch=x86_64&distro=rhel-10.2&upstream=curl-8.12.1-4.el10.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2024-7264",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H",
            "metrics": {
              "baseScore": 5.3,
              "exploitabilityScore": 1.1,
              "impactScore": 4.3
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2024-7264",
            "epss": 0.00882,
            "percentile": 0.75904,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2024-7264",
            "cwe": "CWE-125",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.36603
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2024-7264",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "http://www.openwall.com/lists/oss-security/2024/07/31/1",
            "https://curl.se/docs/CVE-2024-7264.html",
            "https://curl.se/docs/CVE-2024-7264.json",
            "https://hackerone.com/reports/2629968",
            "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519",
            "https://security.netapp.com/advisory/ntap-20240828-0008/",
            "https://security.netapp.com/advisory/ntap-20241025-0006/",
            "https://security.netapp.com/advisory/ntap-20241025-0010/"
          ],
          "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 6.5,
                "exploitabilityScore": 2.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
              "metrics": {
                "baseScore": 6.3,
                "exploitabilityScore": 2.9,
                "impactScore": 3.4
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2024-7264",
              "epss": 0.00882,
              "percentile": 0.75904,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2024-7264",
              "cwe": "CWE-125",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "curl",
              "version": "8.12.1-4.el10"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2024-7264",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "e0443590b9f5633b",
        "name": "libcurl-minimal",
        "version": "8.12.1-4.el10",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "curl"
        ],
        "cpes": [
          "cpe:2.3:a:libcurl-minimal:libcurl-minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl-minimal:libcurl_minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl_minimal:libcurl-minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl_minimal:libcurl_minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl:libcurl-minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl:libcurl_minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libcurl-minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libcurl_minimal:8.12.1-4.el10:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/libcurl-minimal@8.12.1-4.el10?arch=x86_64&distro=rhel-10.2&upstream=curl-8.12.1-4.el10.src.rpm",
        "upstreams": [
          {
            "name": "curl",
            "version": "8.12.1-4.el10"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2024-41996",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Low",
        "urls": [],
        "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 5.9,
              "exploitabilityScore": 2.3,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2024-41996",
            "epss": 0.00628,
            "percentile": 0.7082,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2024-41996",
            "cwe": "CWE-295",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "wont-fix"
        },
        "advisories": [],
        "risk": 0.27946000000000004
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2024-41996",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://dheatattack.gitlab.io/details/",
            "https://dheatattack.gitlab.io/faq/",
            "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1",
            "https://cert-portal.siemens.com/productcert/html/ssa-089022.html",
            "https://cert-portal.siemens.com/productcert/html/ssa-265688.html",
            "https://cert-portal.siemens.com/productcert/html/ssa-485750.html"
          ],
          "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2024-41996",
              "epss": 0.00628,
              "percentile": 0.7082,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2024-41996",
              "cwe": "CWE-295",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "openssl",
              "version": "1:3.5.5-4.el10_2"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2024-41996",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "f614b5caa1deba16",
        "name": "openssl",
        "version": "1:3.5.5-4.el10_2",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "Apache-2.0"
        ],
        "cpes": [
          "cpe:2.3:a:openssl:openssl:1\\:3.5.5-4.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:openssl:1\\:3.5.5-4.el10_2:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/openssl@3.5.5-4.el10_2?arch=x86_64&distro=rhel-10.2&epoch=1&upstream=openssl-3.5.5-4.el10_2.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": 1,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2024-41996",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Low",
        "urls": [],
        "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 5.9,
              "exploitabilityScore": 2.3,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2024-41996",
            "epss": 0.00628,
            "percentile": 0.7082,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2024-41996",
            "cwe": "CWE-295",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "wont-fix"
        },
        "advisories": [],
        "risk": 0.27946000000000004
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2024-41996",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://dheatattack.gitlab.io/details/",
            "https://dheatattack.gitlab.io/faq/",
            "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1",
            "https://cert-portal.siemens.com/productcert/html/ssa-089022.html",
            "https://cert-portal.siemens.com/productcert/html/ssa-265688.html",
            "https://cert-portal.siemens.com/productcert/html/ssa-485750.html"
          ],
          "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2024-41996",
              "epss": 0.00628,
              "percentile": 0.7082,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2024-41996",
              "cwe": "CWE-295",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "openssl",
              "version": "3.5.5-4.el10_2"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2024-41996",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "a04fa80016994e00",
        "name": "openssl-libs",
        "version": "1:3.5.5-4.el10_2",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "Apache-2.0"
        ],
        "cpes": [
          "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.5-4.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.5-4.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.5-4.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.5-4.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.5-4.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.5-4.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.5-4.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.5-4.el10_2:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/openssl-libs@3.5.5-4.el10_2?arch=x86_64&distro=rhel-10.2&epoch=1&upstream=openssl-3.5.5-4.el10_2.src.rpm",
        "upstreams": [
          {
            "name": "openssl",
            "version": "3.5.5-4.el10_2"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": 1,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2024-12133",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2024-12133",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a certificate, libtasn1 takes much longer than expected, which can slow down or even crash the system. This flaw allows an attacker to send a specially crafted certificate, causing a denial of service attack.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "metrics": {
              "baseScore": 5.3,
              "exploitabilityScore": 3.9,
              "impactScore": 1.5
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2024-12133",
            "epss": 0.00343,
            "percentile": 0.5743,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2024-12133",
            "cwe": "CWE-407",
            "source": "secalert@redhat.com",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.176645
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2024-12133",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-12133",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://access.redhat.com/errata/RHSA-2025:17347",
            "https://access.redhat.com/errata/RHSA-2025:4049",
            "https://access.redhat.com/errata/RHSA-2025:7077",
            "https://access.redhat.com/errata/RHSA-2025:8021",
            "https://access.redhat.com/errata/RHSA-2025:8385",
            "https://access.redhat.com/security/cve/CVE-2024-12133",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2344611",
            "https://gitlab.com/gnutls/libtasn1/-/blob/master/doc/security/CVE-2024-12133.md",
            "https://gitlab.com/gnutls/libtasn1/-/issues/52",
            "http://www.openwall.com/lists/oss-security/2025/02/06/6",
            "https://lists.debian.org/debian-lts-announce/2025/02/msg00025.html",
            "https://security.netapp.com/advisory/ntap-20250523-0003/",
            "https://cert-portal.siemens.com/productcert/html/ssa-082556.html",
            "https://cert-portal.siemens.com/productcert/html/ssa-202008.html"
          ],
          "description": "A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a certificate, libtasn1 takes much longer than expected, which can slow down or even crash the system. This flaw allows an attacker to send a specially crafted certificate, causing a denial of service attack.",
          "cvss": [
            {
              "source": "secalert@redhat.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 3.9,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2024-12133",
              "epss": 0.00343,
              "percentile": 0.5743,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2024-12133",
              "cwe": "CWE-407",
              "source": "secalert@redhat.com",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "libtasn1",
              "version": "0:4.20.0-1.el10"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2024-12133",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "2010fb1d4cbfee40",
        "name": "libtasn1",
        "version": "4.20.0-1.el10",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "GPL-3.0-or-later AND LGPL-2.1-or-later"
        ],
        "cpes": [
          "cpe:2.3:a:libtasn1:libtasn1:4.20.0-1.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libtasn1:4.20.0-1.el10:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/libtasn1@4.20.0-1.el10?arch=x86_64&distro=rhel-10.2&upstream=libtasn1-4.20.0-1.el10.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-6052",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6052",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was found in how GLib’s GString manages memory when adding data to strings. If a string is already very large, combining it with more input can cause a hidden overflow in the size calculation. This makes the system think it has enough memory when it doesn’t. As a result, data may be written past the end of the allocated memory, leading to crashes or memory corruption.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "metrics": {
              "baseScore": 3.7,
              "exploitabilityScore": 2.3,
              "impactScore": 1.5
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-6052",
            "epss": 0.00418,
            "percentile": 0.62325,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-6052",
            "cwe": "CWE-190",
            "source": "secalert@redhat.com",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.14002999999999996
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-6052",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6052",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://access.redhat.com/security/cve/CVE-2025-6052",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2372666",
            "https://cert-portal.siemens.com/productcert/html/ssa-032379.html",
            "https://cert-portal.siemens.com/productcert/html/ssa-253495.html",
            "https://openjdk.org/groups/vulnerability/advisories/2026-01-20",
            "https://www.oracle.com/security-alerts/cpuapr2026.html",
            "https://www.oracle.com/security-alerts/cpujan2026.html"
          ],
          "description": "A flaw was found in how GLib’s GString manages memory when adding data to strings. If a string is already very large, combining it with more input can cause a hidden overflow in the size calculation. This makes the system think it has enough memory when it doesn’t. As a result, data may be written past the end of the allocated memory, leading to crashes or memory corruption.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "secalert@redhat.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "metrics": {
                "baseScore": 3.7,
                "exploitabilityScore": 2.3,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-6052",
              "epss": 0.00418,
              "percentile": 0.62325,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-6052",
              "cwe": "CWE-190",
              "source": "secalert@redhat.com",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "glib2",
              "version": "0:2.80.4-12.el10_2.13"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-6052",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "37bb1f6df7e16bb3",
        "name": "glib2",
        "version": "2.80.4-12.el10_2.13",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "LGPL-2.1-or-later"
        ],
        "cpes": [
          "cpe:2.3:a:redhat:glib2:2.80.4-12.el10_2.13:*:*:*:*:*:*:*",
          "cpe:2.3:a:glib2:glib2:2.80.4-12.el10_2.13:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/glib2@2.80.4-12.el10_2.13?arch=x86_64&distro=rhel-10.2&upstream=glib2-2.80.4-12.el10_2.13.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-7458",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7458",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Medium",
        "urls": [],
        "description": "An integer overflow flaw has been discovered in SQLite. This flaw allows an attacker who has the ability to execute raw SQL statements to induce a denial of service or leak process memory.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
            "metrics": {
              "baseScore": 6.1,
              "exploitabilityScore": 1.9,
              "impactScore": 4.3
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-7458",
            "epss": 0.00204,
            "percentile": 0.42734,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-7458",
            "cwe": "CWE-190",
            "source": "cve-coordination@google.com",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "wont-fix"
        },
        "advisories": [],
        "risk": 0.11321999999999999
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-7458",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7458",
          "namespace": "nvd:cpe",
          "severity": "Critical",
          "urls": [
            "https://sqlite.org/forum/forumpost/16ce2bb7a639e29b",
            "https://sqlite.org/src/info/12ad822d9b827777"
          ],
          "description": "An integer overflow in the sqlite3KeyInfoFromExprList function in SQLite versions 3.39.2 through 3.41.1 allows an attacker with the ability to execute arbitrary SQL statements to cause a denial of service or disclose sensitive information from process memory via a crafted SELECT statement with a large number of expressions in the ORDER BY clause.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
              "metrics": {
                "baseScore": 9.1,
                "exploitabilityScore": 3.9,
                "impactScore": 5.2
              },
              "vendorMetadata": {}
            },
            {
              "source": "cve-coordination@google.com",
              "type": "Secondary",
              "version": "4.0",
              "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
              "metrics": {
                "baseScore": 6.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-7458",
              "epss": 0.00204,
              "percentile": 0.42734,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-7458",
              "cwe": "CWE-190",
              "source": "cve-coordination@google.com",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "sqlite",
              "version": "3.46.1-5.el10_1"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-7458",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "e4a6c09aa53d2147",
        "name": "sqlite-libs",
        "version": "3.46.1-5.el10_1",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "blessing"
        ],
        "cpes": [
          "cpe:2.3:a:sqlite-libs:sqlite-libs:3.46.1-5.el10_1:*:*:*:*:*:*:*",
          "cpe:2.3:a:sqlite-libs:sqlite_libs:3.46.1-5.el10_1:*:*:*:*:*:*:*",
          "cpe:2.3:a:sqlite_libs:sqlite-libs:3.46.1-5.el10_1:*:*:*:*:*:*:*",
          "cpe:2.3:a:sqlite_libs:sqlite_libs:3.46.1-5.el10_1:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:sqlite-libs:3.46.1-5.el10_1:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:sqlite_libs:3.46.1-5.el10_1:*:*:*:*:*:*:*",
          "cpe:2.3:a:sqlite:sqlite-libs:3.46.1-5.el10_1:*:*:*:*:*:*:*",
          "cpe:2.3:a:sqlite:sqlite_libs:3.46.1-5.el10_1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/sqlite-libs@3.46.1-5.el10_1?arch=x86_64&distro=rhel-10.2&upstream=sqlite-3.46.1-5.el10_1.src.rpm",
        "upstreams": [
          {
            "name": "sqlite",
            "version": "3.46.1-5.el10_1"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-10148",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2025-10148",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was found in curl. The use of a predictable WebSocket mask pattern allows a malicious server to induce traffic that an intermediary proxy (whether configured or transparent) will misinterpret as a standard HTTP request. This confusion leads to a cache poisoning attack, where the proxy stores the server's malicious content and serves it to all users of that proxy.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "metrics": {
              "baseScore": 4.8,
              "exploitabilityScore": 2.3,
              "impactScore": 2.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-10148",
            "epss": 0.0029,
            "percentile": 0.52933,
            "date": "2026-06-14"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.1131
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-10148",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10148",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://curl.se/docs/CVE-2025-10148.html",
            "https://curl.se/docs/CVE-2025-10148.json",
            "https://hackerone.com/reports/3330839",
            "http://www.openwall.com/lists/oss-security/2025/09/10/2",
            "http://www.openwall.com/lists/oss-security/2025/09/10/3",
            "http://www.openwall.com/lists/oss-security/2025/09/10/4"
          ],
          "description": "curl's websocket code did not update the 32 bit mask pattern for each new\n outgoing frame as the specification says. Instead it used a fixed mask that\npersisted and was used throughout the entire connection.\n\nA predictable mask pattern allows for a malicious server to induce traffic\nbetween the two communicating parties that could be interpreted by an involved\nproxy (configured or transparent) as genuine, real, HTTP traffic with content\nand thereby poison its cache. That cached poisoned content could then be\nserved to all users of that proxy.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 3.9,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-10148",
              "epss": 0.0029,
              "percentile": 0.52933,
              "date": "2026-06-14"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "curl",
              "version": "0:8.12.1-4.el10"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-10148",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "134f672de8a7541b",
        "name": "curl",
        "version": "8.12.1-4.el10",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "curl"
        ],
        "cpes": [
          "cpe:2.3:a:redhat:curl:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:curl:curl:8.12.1-4.el10:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/curl@8.12.1-4.el10?arch=x86_64&distro=rhel-10.2&upstream=curl-8.12.1-4.el10.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-10148",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2025-10148",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was found in curl. The use of a predictable WebSocket mask pattern allows a malicious server to induce traffic that an intermediary proxy (whether configured or transparent) will misinterpret as a standard HTTP request. This confusion leads to a cache poisoning attack, where the proxy stores the server's malicious content and serves it to all users of that proxy.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "metrics": {
              "baseScore": 4.8,
              "exploitabilityScore": 2.3,
              "impactScore": 2.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-10148",
            "epss": 0.0029,
            "percentile": 0.52933,
            "date": "2026-06-14"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.1131
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-10148",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10148",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://curl.se/docs/CVE-2025-10148.html",
            "https://curl.se/docs/CVE-2025-10148.json",
            "https://hackerone.com/reports/3330839",
            "http://www.openwall.com/lists/oss-security/2025/09/10/2",
            "http://www.openwall.com/lists/oss-security/2025/09/10/3",
            "http://www.openwall.com/lists/oss-security/2025/09/10/4"
          ],
          "description": "curl's websocket code did not update the 32 bit mask pattern for each new\n outgoing frame as the specification says. Instead it used a fixed mask that\npersisted and was used throughout the entire connection.\n\nA predictable mask pattern allows for a malicious server to induce traffic\nbetween the two communicating parties that could be interpreted by an involved\nproxy (configured or transparent) as genuine, real, HTTP traffic with content\nand thereby poison its cache. That cached poisoned content could then be\nserved to all users of that proxy.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 3.9,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-10148",
              "epss": 0.0029,
              "percentile": 0.52933,
              "date": "2026-06-14"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "curl",
              "version": "8.12.1-4.el10"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-10148",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "e0443590b9f5633b",
        "name": "libcurl-minimal",
        "version": "8.12.1-4.el10",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "curl"
        ],
        "cpes": [
          "cpe:2.3:a:libcurl-minimal:libcurl-minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl-minimal:libcurl_minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl_minimal:libcurl-minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl_minimal:libcurl_minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl:libcurl-minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl:libcurl_minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libcurl-minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libcurl_minimal:8.12.1-4.el10:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/libcurl-minimal@8.12.1-4.el10?arch=x86_64&distro=rhel-10.2&upstream=curl-8.12.1-4.el10.src.rpm",
        "upstreams": [
          {
            "name": "curl",
            "version": "8.12.1-4.el10"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-4426",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-4426",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompression logic, caused by improper validation of a field (`pz_log2_bs`) read from ISO9660 Rock Ridge extensions. A remote attacker can exploit this by supplying a specially crafted ISO file. This can lead to incorrect memory allocation and potential application crashes, resulting in a denial-of-service (DoS) condition.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 6.5,
              "exploitabilityScore": 2.9,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-4426",
            "epss": 0.00185,
            "percentile": 0.40288,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-4426",
            "cwe": "CWE-1335",
            "source": "secalert@redhat.com",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.106375
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-4426",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4426",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://access.redhat.com/errata/RHSA-2026:8944",
            "https://access.redhat.com/security/cve/CVE-2026-4426",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2449010",
            "https://github.com/libarchive/libarchive/pull/2897"
          ],
          "description": "A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompression logic, caused by improper validation of a field (`pz_log2_bs`) read from ISO9660 Rock Ridge extensions. A remote attacker can exploit this by supplying a specially crafted ISO file. This can lead to incorrect memory allocation and potential application crashes, resulting in a denial-of-service (DoS) condition.",
          "cvss": [
            {
              "source": "secalert@redhat.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 6.5,
                "exploitabilityScore": 2.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-4426",
              "epss": 0.00185,
              "percentile": 0.40288,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-4426",
              "cwe": "CWE-1335",
              "source": "secalert@redhat.com",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "libarchive",
              "version": "0:3.7.7-8.el10_1"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-4426",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "1275a237f54746d8",
        "name": "libarchive",
        "version": "3.7.7-8.el10_1",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "BSD-2-Clause AND FSFULLR AND GPL-2.0-or-later WITH Libtool-exception AND BSD-3-Clause AND FSFUL"
        ],
        "cpes": [
          "cpe:2.3:a:libarchive:libarchive:3.7.7-8.el10_1:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libarchive:3.7.7-8.el10_1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/libarchive@3.7.7-8.el10_1?arch=x86_64&distro=rhel-10.2&upstream=libarchive-3.7.7-8.el10_1.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2023-53160",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2023-53160",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was found in sequoia-openpgp. The crate exhibits an out-of-bounds array access, leading to a panic during processing. A local attacker can trigger this condition by providing a specially crafted input, which results in a denial of service.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "metrics": {
              "baseScore": 3.3,
              "exploitabilityScore": 1.9,
              "impactScore": 1.5
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2023-53160",
            "epss": 0.00277,
            "percentile": 0.51599,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2023-53160",
            "cwe": "CWE-125",
            "source": "cve@mitre.org",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.08725499999999999
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2023-53160",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-53160",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://crates.io/crates/sequoia-openpgp",
            "https://github.com/advisories/GHSA-25mx-8f3v-8wh7",
            "https://lists.sequoia-pgp.org/hyperkitty/list/announce@lists.sequoia-pgp.org/thread/SN2E3QRT4DMQ5JNEK6VIN6DJ5SH766DI/",
            "https://rustsec.org/advisories/RUSTSEC-2023-0038.html"
          ],
          "description": "The sequoia-openpgp crate before 1.16.0 for Rust allows out-of-bounds array access and a panic.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 3.9,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            },
            {
              "source": "cve@mitre.org",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "metrics": {
                "baseScore": 2.9,
                "exploitabilityScore": 1.5,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2023-53160",
              "epss": 0.00277,
              "percentile": 0.51599,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2023-53160",
              "cwe": "CWE-125",
              "source": "cve@mitre.org",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "rust-rpm-sequoia",
              "version": "1.10.1.1-2.el10"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2023-53160",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "145d1c4db64e86b8",
        "name": "rpm-sequoia",
        "version": "1.10.1.1-2.el10",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "LGPL-2.0-or-later AND Apache-2.0 AND BSL-1.0 AND MIT AND Unicode-DFS-2016 AND (Apache-2.0 OR MIT) AND (MIT OR Apache-2.0 OR Zlib) AND (Unlicense OR MIT)"
        ],
        "cpes": [
          "cpe:2.3:a:rpm-sequoia:rpm-sequoia:1.10.1.1-2.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:rpm-sequoia:rpm_sequoia:1.10.1.1-2.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:rpm_sequoia:rpm-sequoia:1.10.1.1-2.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:rpm_sequoia:rpm_sequoia:1.10.1.1-2.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:rpm-sequoia:1.10.1.1-2.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:rpm_sequoia:1.10.1.1-2.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:rpm:rpm-sequoia:1.10.1.1-2.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:rpm:rpm_sequoia:1.10.1.1-2.el10:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/rpm-sequoia@1.10.1.1-2.el10?arch=x86_64&distro=rhel-10.2&upstream=rust-rpm-sequoia-1.10.1.1-2.el10.src.rpm",
        "upstreams": [
          {
            "name": "rust-rpm-sequoia",
            "version": "1.10.1.1-2.el10"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-67897",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2025-67897",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in Sequoia. This vulnerability allows a remote attacker to crash an application via sending a victim an encrypted message with a crafted Public Key Encrypted Session Key (PKESK) or Symmetric Key Encrypted Session Key (SKESK) packet, which causes `aes_key_unwrap` to panic when processing a short ciphertext.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 5.3,
              "exploitabilityScore": 1.7,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-67897",
            "epss": 0.00166,
            "percentile": 0.37723,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-67897",
            "cwe": "CWE-195",
            "source": "cve@mitre.org",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.08549
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-67897",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-67897",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://bugs.debian.org/1122582",
            "https://gitlab.com/sequoia-pgp/sequoia/-/blob/b59886e5e7bdf7169ed330f309a6633d131776e5/openpgp/NEWS#L7-L26",
            "https://gitlab.com/sequoia-pgp/sequoia/-/commit/b59886e5e7bdf7169ed330f309a6633d131776e5"
          ],
          "description": "In Sequoia before 2.1.0, aes_key_unwrap panics if passed a ciphertext that is too short. A remote attacker can take advantage of this issue to crash an application by sending a victim an encrypted message with a crafted PKESK or SKESK packet.",
          "cvss": [
            {
              "source": "cve@mitre.org",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 1.7,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-67897",
              "epss": 0.00166,
              "percentile": 0.37723,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-67897",
              "cwe": "CWE-195",
              "source": "cve@mitre.org",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "rust-rpm-sequoia",
              "version": "1.10.1.1-2.el10"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-67897",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "145d1c4db64e86b8",
        "name": "rpm-sequoia",
        "version": "1.10.1.1-2.el10",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "LGPL-2.0-or-later AND Apache-2.0 AND BSL-1.0 AND MIT AND Unicode-DFS-2016 AND (Apache-2.0 OR MIT) AND (MIT OR Apache-2.0 OR Zlib) AND (Unlicense OR MIT)"
        ],
        "cpes": [
          "cpe:2.3:a:rpm-sequoia:rpm-sequoia:1.10.1.1-2.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:rpm-sequoia:rpm_sequoia:1.10.1.1-2.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:rpm_sequoia:rpm-sequoia:1.10.1.1-2.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:rpm_sequoia:rpm_sequoia:1.10.1.1-2.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:rpm-sequoia:1.10.1.1-2.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:rpm_sequoia:1.10.1.1-2.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:rpm:rpm-sequoia:1.10.1.1-2.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:rpm:rpm_sequoia:1.10.1.1-2.el10:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/rpm-sequoia@1.10.1.1-2.el10?arch=x86_64&distro=rhel-10.2&upstream=rust-rpm-sequoia-1.10.1.1-2.el10.src.rpm",
        "upstreams": [
          {
            "name": "rust-rpm-sequoia",
            "version": "1.10.1.1-2.el10"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2023-53161",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2023-53161",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was found in buffered-reader. The crate's implementation contains an out-of-bounds array access, leading to a panic. A local attacker can trigger this condition by providing a specially crafted input. This occurs when processing data from an external source, which can result in a denial of service.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "metrics": {
              "baseScore": 3.3,
              "exploitabilityScore": 1.9,
              "impactScore": 1.5
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2023-53161",
            "epss": 0.00259,
            "percentile": 0.49707,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2023-53161",
            "cwe": "CWE-125",
            "source": "cve@mitre.org",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.08158499999999998
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2023-53161",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-53161",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://crates.io/crates/buffered-reader",
            "https://github.com/advisories/GHSA-29mf-62xx-28jq",
            "https://gitlab.com/sequoia-pgp/sequoia/-/tags/buffered-reader%2Fv1.0.2",
            "https://gitlab.com/sequoia-pgp/sequoia/-/tags/buffered-reader%2Fv1.1.5",
            "https://lists.sequoia-pgp.org/hyperkitty/list/announce@lists.sequoia-pgp.org/thread/SN2E3QRT4DMQ5JNEK6VIN6DJ5SH766DI/",
            "https://rustsec.org/advisories/RUSTSEC-2023-0039.html"
          ],
          "description": "The buffered-reader crate before 1.1.5 for Rust allows out-of-bounds array access and a panic.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 3.9,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            },
            {
              "source": "cve@mitre.org",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "metrics": {
                "baseScore": 2.9,
                "exploitabilityScore": 1.5,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2023-53161",
              "epss": 0.00259,
              "percentile": 0.49707,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2023-53161",
              "cwe": "CWE-125",
              "source": "cve@mitre.org",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "rust-rpm-sequoia",
              "version": "1.10.1.1-2.el10"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2023-53161",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "145d1c4db64e86b8",
        "name": "rpm-sequoia",
        "version": "1.10.1.1-2.el10",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "LGPL-2.0-or-later AND Apache-2.0 AND BSL-1.0 AND MIT AND Unicode-DFS-2016 AND (Apache-2.0 OR MIT) AND (MIT OR Apache-2.0 OR Zlib) AND (Unlicense OR MIT)"
        ],
        "cpes": [
          "cpe:2.3:a:rpm-sequoia:rpm-sequoia:1.10.1.1-2.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:rpm-sequoia:rpm_sequoia:1.10.1.1-2.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:rpm_sequoia:rpm-sequoia:1.10.1.1-2.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:rpm_sequoia:rpm_sequoia:1.10.1.1-2.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:rpm-sequoia:1.10.1.1-2.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:rpm_sequoia:1.10.1.1-2.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:rpm:rpm-sequoia:1.10.1.1-2.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:rpm:rpm_sequoia:1.10.1.1-2.el10:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/rpm-sequoia@1.10.1.1-2.el10?arch=x86_64&distro=rhel-10.2&upstream=rust-rpm-sequoia-1.10.1.1-2.el10.src.rpm",
        "upstreams": [
          {
            "name": "rust-rpm-sequoia",
            "version": "1.10.1.1-2.el10"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2021-46195",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2021-46195",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was discovered in the GNU libiberty library within the demangle_path() function in rust-demangle.c, as distributed in the GNU Compiler Collection (GCC). This flaw allows a crafted symbol to cause stack memory to be exhausted, leading to a crash.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "metrics": {
              "baseScore": 3.3,
              "exploitabilityScore": 1.9,
              "impactScore": 1.5
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2021-46195",
            "epss": 0.00232,
            "percentile": 0.4637,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2021-46195",
            "cwe": "CWE-674",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.07307999999999999
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2021-46195",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2021-46195",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103841"
          ],
          "description": "GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c. This vulnerability allows attackers to cause a Denial of Service (DoS) by consuming excessive CPU and memory resources.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 5.5,
                "exploitabilityScore": 1.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "2.0",
              "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
              "metrics": {
                "baseScore": 4.3,
                "exploitabilityScore": 8.6,
                "impactScore": 2.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2021-46195",
              "epss": 0.00232,
              "percentile": 0.4637,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2021-46195",
              "cwe": "CWE-674",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "gcc",
              "version": "14.3.1-4.4.el10"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2021-46195",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "623187e597e61749",
        "name": "libgcc",
        "version": "14.3.1-4.4.el10",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "GPL-3.0-or-later AND LGPL-3.0-or-later AND (GPL-3.0-or-later WITH GCC-exception-3.1) AND (GPL-3.0-or-later WITH Texinfo-exception) AND (LGPL-2.1-or-later WITH GCC-exception-2.0) AND (GPL-2.0-or-later WITH GCC-exception-2.0) AND (GPL-2.0-or-later WITH GNU-compiler-exception) AND BSL-1.0 AND GFDL-1.3-or-later AND Linux-man-pages-copyleft-2-para AND SunPro AND BSD-1-Clause AND BSD-2-Clause AND BSD-2-Clause-Views AND BSD-3-Clause AND BSD-4-Clause AND BSD-Source-Code AND Zlib AND MIT AND Apache-2.0 AND (Apache-2.0 WITH LLVM-Exception) AND ZPL-2.1 AND ISC AND LicenseRef-Fedora-Public-Domain AND HP-1986 AND curl AND Martin-Birgmeier AND HPND-Markus-Kuhn AND dtoa AND SMLNJ AND AMD-newlib AND OAR AND HPND-merchantability-variant AND HPND-Intel"
        ],
        "cpes": [
          "cpe:2.3:a:libgcc:libgcc:14.3.1-4.4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libgcc:14.3.1-4.4.el10:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/libgcc@14.3.1-4.4.el10?arch=x86_64&distro=rhel-10.2&upstream=gcc-14.3.1-4.4.el10.src.rpm",
        "upstreams": [
          {
            "name": "gcc",
            "version": "14.3.1-4.4.el10"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2021-46195",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2021-46195",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was discovered in the GNU libiberty library within the demangle_path() function in rust-demangle.c, as distributed in the GNU Compiler Collection (GCC). This flaw allows a crafted symbol to cause stack memory to be exhausted, leading to a crash.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "metrics": {
              "baseScore": 3.3,
              "exploitabilityScore": 1.9,
              "impactScore": 1.5
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2021-46195",
            "epss": 0.00232,
            "percentile": 0.4637,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2021-46195",
            "cwe": "CWE-674",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.07307999999999999
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2021-46195",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2021-46195",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103841"
          ],
          "description": "GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c. This vulnerability allows attackers to cause a Denial of Service (DoS) by consuming excessive CPU and memory resources.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 5.5,
                "exploitabilityScore": 1.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "2.0",
              "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
              "metrics": {
                "baseScore": 4.3,
                "exploitabilityScore": 8.6,
                "impactScore": 2.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2021-46195",
              "epss": 0.00232,
              "percentile": 0.4637,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2021-46195",
              "cwe": "CWE-674",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "gcc",
              "version": "14.3.1-4.4.el10"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2021-46195",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "4dc5fa0e56d8c37d",
        "name": "libstdc++",
        "version": "14.3.1-4.4.el10",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "GPL-3.0-or-later AND LGPL-3.0-or-later AND (GPL-3.0-or-later WITH GCC-exception-3.1) AND (GPL-3.0-or-later WITH Texinfo-exception) AND (LGPL-2.1-or-later WITH GCC-exception-2.0) AND (GPL-2.0-or-later WITH GCC-exception-2.0) AND (GPL-2.0-or-later WITH GNU-compiler-exception) AND BSL-1.0 AND GFDL-1.3-or-later AND Linux-man-pages-copyleft-2-para AND SunPro AND BSD-1-Clause AND BSD-2-Clause AND BSD-2-Clause-Views AND BSD-3-Clause AND BSD-4-Clause AND BSD-Source-Code AND Zlib AND MIT AND Apache-2.0 AND (Apache-2.0 WITH LLVM-Exception) AND ZPL-2.1 AND ISC AND LicenseRef-Fedora-Public-Domain AND HP-1986 AND curl AND Martin-Birgmeier AND HPND-Markus-Kuhn AND dtoa AND SMLNJ AND AMD-newlib AND OAR AND HPND-merchantability-variant AND HPND-Intel"
        ],
        "cpes": [
          "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:14.3.1-4.4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libstdc\\+\\+:14.3.1-4.4.el10:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/libstdc%2B%2B@14.3.1-4.4.el10?arch=x86_64&distro=rhel-10.2&upstream=gcc-14.3.1-4.4.el10.src.rpm",
        "upstreams": [
          {
            "name": "gcc",
            "version": "14.3.1-4.4.el10"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-28389",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-28389",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was found in OpenSSL. A remote attacker could exploit this by sending a specially crafted Cryptographic Message Syntax (CMS) EnvelopedData message with KeyAgreeRecipientInfo. This vulnerability arises because the software attempts to process an optional field without verifying its existence, leading to a NULL pointer dereference. This can result in a Denial of Service (DoS) for applications that handle untrusted CMS data.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 5.9,
              "exploitabilityScore": 2.3,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-28389",
            "epss": 0.00149,
            "percentile": 0.35356,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-28389",
            "cwe": "CWE-476",
            "source": "openssl-security@openssl.org",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.066305
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-28389",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-28389",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://github.com/openssl/openssl/commit/16cea4188e0ea567deb4f93f85902247e67384f5",
            "https://github.com/openssl/openssl/commit/785cbf7ea3b5a6f5adf0c1ccb92b79d89c35c616",
            "https://github.com/openssl/openssl/commit/7b5274e812400cacb6f3be4c2df5340923fa807f",
            "https://github.com/openssl/openssl/commit/c6725634e089eb2b634b10ede33944be7248172a",
            "https://github.com/openssl/openssl/commit/f80f83bc5fd036bc47d773e8b15a001e2b4ce686",
            "https://openssl-library.org/news/secadv/20260407.txt",
            "https://cert-portal.siemens.com/productcert/html/ssa-032379.html",
            "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
          ],
          "description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyAgreeRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyAgreeRecipientInfo is\nprocessed, the optional parameters field of KeyEncryptionAlgorithmIdentifier\nis examined without checking for its presence. This results in a NULL\npointer dereference if the field is missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-28389",
              "epss": 0.00149,
              "percentile": 0.35356,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-28389",
              "cwe": "CWE-476",
              "source": "openssl-security@openssl.org",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "openssl",
              "version": "1:3.5.5-4.el10_2"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-28389",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "f614b5caa1deba16",
        "name": "openssl",
        "version": "1:3.5.5-4.el10_2",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "Apache-2.0"
        ],
        "cpes": [
          "cpe:2.3:a:openssl:openssl:1\\:3.5.5-4.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:openssl:1\\:3.5.5-4.el10_2:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/openssl@3.5.5-4.el10_2?arch=x86_64&distro=rhel-10.2&epoch=1&upstream=openssl-3.5.5-4.el10_2.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": 1,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-28389",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-28389",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was found in OpenSSL. A remote attacker could exploit this by sending a specially crafted Cryptographic Message Syntax (CMS) EnvelopedData message with KeyAgreeRecipientInfo. This vulnerability arises because the software attempts to process an optional field without verifying its existence, leading to a NULL pointer dereference. This can result in a Denial of Service (DoS) for applications that handle untrusted CMS data.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 5.9,
              "exploitabilityScore": 2.3,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-28389",
            "epss": 0.00149,
            "percentile": 0.35356,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-28389",
            "cwe": "CWE-476",
            "source": "openssl-security@openssl.org",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.066305
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-28389",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-28389",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://github.com/openssl/openssl/commit/16cea4188e0ea567deb4f93f85902247e67384f5",
            "https://github.com/openssl/openssl/commit/785cbf7ea3b5a6f5adf0c1ccb92b79d89c35c616",
            "https://github.com/openssl/openssl/commit/7b5274e812400cacb6f3be4c2df5340923fa807f",
            "https://github.com/openssl/openssl/commit/c6725634e089eb2b634b10ede33944be7248172a",
            "https://github.com/openssl/openssl/commit/f80f83bc5fd036bc47d773e8b15a001e2b4ce686",
            "https://openssl-library.org/news/secadv/20260407.txt",
            "https://cert-portal.siemens.com/productcert/html/ssa-032379.html",
            "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
          ],
          "description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyAgreeRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyAgreeRecipientInfo is\nprocessed, the optional parameters field of KeyEncryptionAlgorithmIdentifier\nis examined without checking for its presence. This results in a NULL\npointer dereference if the field is missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-28389",
              "epss": 0.00149,
              "percentile": 0.35356,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-28389",
              "cwe": "CWE-476",
              "source": "openssl-security@openssl.org",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "openssl",
              "version": "3.5.5-4.el10_2"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-28389",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "a04fa80016994e00",
        "name": "openssl-libs",
        "version": "1:3.5.5-4.el10_2",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "Apache-2.0"
        ],
        "cpes": [
          "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.5-4.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.5-4.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.5-4.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.5-4.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.5-4.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.5-4.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.5-4.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.5-4.el10_2:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/openssl-libs@3.5.5-4.el10_2?arch=x86_64&distro=rhel-10.2&epoch=1&upstream=openssl-3.5.5-4.el10_2.src.rpm",
        "upstreams": [
          {
            "name": "openssl",
            "version": "3.5.5-4.el10_2"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": 1,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-5278",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "metrics": {
              "baseScore": 4.4,
              "exploitabilityScore": 1.9,
              "impactScore": 2.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-5278",
            "epss": 0.0014,
            "percentile": 0.34096,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-5278",
            "cwe": "CWE-121",
            "source": "secalert@redhat.com",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.06580000000000001
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-5278",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://access.redhat.com/security/cve/CVE-2025-5278",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2368764",
            "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633",
            "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=78507",
            "http://www.openwall.com/lists/oss-security/2025/05/27/2",
            "http://www.openwall.com/lists/oss-security/2025/05/29/1",
            "http://www.openwall.com/lists/oss-security/2025/05/29/2",
            "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14",
            "https://security-tracker.debian.org/tracker/CVE-2025-5278"
          ],
          "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.",
          "cvss": [
            {
              "source": "secalert@redhat.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
              "metrics": {
                "baseScore": 4.4,
                "exploitabilityScore": 1.9,
                "impactScore": 2.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-5278",
              "epss": 0.0014,
              "percentile": 0.34096,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-5278",
              "cwe": "CWE-121",
              "source": "secalert@redhat.com",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "coreutils",
              "version": "9.5-7.el10"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-5278",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "217c249f12f743a6",
        "name": "coreutils-single",
        "version": "9.5-7.el10",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "GPL-3.0-or-later AND GFDL-1.3-no-invariants-or-later AND LGPL-2.1-or-later AND LGPL-3.0-or-later"
        ],
        "cpes": [
          "cpe:2.3:a:coreutils-single:coreutils-single:9.5-7.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:coreutils-single:coreutils_single:9.5-7.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:coreutils_single:coreutils-single:9.5-7.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:coreutils_single:coreutils_single:9.5-7.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:coreutils:coreutils-single:9.5-7.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:coreutils:coreutils_single:9.5-7.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:coreutils-single:9.5-7.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:coreutils_single:9.5-7.el10:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/coreutils-single@9.5-7.el10?arch=x86_64&distro=rhel-10.2&upstream=coreutils-9.5-7.el10.src.rpm",
        "upstreams": [
          {
            "name": "coreutils",
            "version": "9.5-7.el10"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-7168",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-7168",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in libcurl. When a user performs a transfer over an HTTP proxy using Digest authentication and then reuses the same handle for a second transfer with a different proxy host, libcurl incorrectly sends the `Proxy-Authorization` header intended for the first proxy to the second proxy. This could lead to the disclosure of sensitive authentication information to an unintended proxy, potentially allowing an attacker to gain unauthorized access or impersonate the user.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "metrics": {
              "baseScore": 5.3,
              "exploitabilityScore": 3.9,
              "impactScore": 1.5
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-7168",
            "epss": 0.00113,
            "percentile": 0.29667,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-7168",
            "cwe": "CWE-294",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.058195000000000004
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-7168",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-7168",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://curl.se/docs/CVE-2026-7168.html",
            "https://curl.se/docs/CVE-2026-7168.json",
            "https://hackerone.com/reports/3697719",
            "http://www.openwall.com/lists/oss-security/2026/04/29/14"
          ],
          "description": "Successfully using libcurl to do a transfer over a specific HTTP proxy\n(`proxyA`) with **Digest** authentication and then changing the proxy host to\na second one (`proxyB`) for a second transfer, reusing the same handle, makes\nlibcurl wrongly pass on the `Proxy-Authorization:` header field meant for\n`proxyA`, to `proxyB`.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 3.9,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            },
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 3.9,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-7168",
              "epss": 0.00113,
              "percentile": 0.29667,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-7168",
              "cwe": "CWE-294",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "curl",
              "version": "0:8.12.1-4.el10"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-7168",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "134f672de8a7541b",
        "name": "curl",
        "version": "8.12.1-4.el10",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "curl"
        ],
        "cpes": [
          "cpe:2.3:a:redhat:curl:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:curl:curl:8.12.1-4.el10:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/curl@8.12.1-4.el10?arch=x86_64&distro=rhel-10.2&upstream=curl-8.12.1-4.el10.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-7168",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-7168",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in libcurl. When a user performs a transfer over an HTTP proxy using Digest authentication and then reuses the same handle for a second transfer with a different proxy host, libcurl incorrectly sends the `Proxy-Authorization` header intended for the first proxy to the second proxy. This could lead to the disclosure of sensitive authentication information to an unintended proxy, potentially allowing an attacker to gain unauthorized access or impersonate the user.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "metrics": {
              "baseScore": 5.3,
              "exploitabilityScore": 3.9,
              "impactScore": 1.5
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-7168",
            "epss": 0.00113,
            "percentile": 0.29667,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-7168",
            "cwe": "CWE-294",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.058195000000000004
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-7168",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-7168",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://curl.se/docs/CVE-2026-7168.html",
            "https://curl.se/docs/CVE-2026-7168.json",
            "https://hackerone.com/reports/3697719",
            "http://www.openwall.com/lists/oss-security/2026/04/29/14"
          ],
          "description": "Successfully using libcurl to do a transfer over a specific HTTP proxy\n(`proxyA`) with **Digest** authentication and then changing the proxy host to\na second one (`proxyB`) for a second transfer, reusing the same handle, makes\nlibcurl wrongly pass on the `Proxy-Authorization:` header field meant for\n`proxyA`, to `proxyB`.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 3.9,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            },
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 3.9,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-7168",
              "epss": 0.00113,
              "percentile": 0.29667,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-7168",
              "cwe": "CWE-294",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "curl",
              "version": "8.12.1-4.el10"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-7168",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "e0443590b9f5633b",
        "name": "libcurl-minimal",
        "version": "8.12.1-4.el10",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "curl"
        ],
        "cpes": [
          "cpe:2.3:a:libcurl-minimal:libcurl-minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl-minimal:libcurl_minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl_minimal:libcurl-minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl_minimal:libcurl_minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl:libcurl-minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl:libcurl_minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libcurl-minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libcurl_minimal:8.12.1-4.el10:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/libcurl-minimal@8.12.1-4.el10?arch=x86_64&distro=rhel-10.2&upstream=curl-8.12.1-4.el10.src.rpm",
        "upstreams": [
          {
            "name": "curl",
            "version": "8.12.1-4.el10"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2024-4603",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2024-4603",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was found in OpenSSL. Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.  In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "metrics": {
              "baseScore": 5.3,
              "exploitabilityScore": 3.9,
              "impactScore": 1.5
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2024-4603",
            "epss": 0.00108,
            "percentile": 0.28774,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2024-4603",
            "cwe": "CWE-606",
            "source": "openssl-security@openssl.org",
            "type": "Secondary"
          },
          {
            "cve": "CVE-2024-4603",
            "cwe": "CWE-834",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.044820000000000006
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2024-4603",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-4603",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://github.com/openssl/openssl/commit/3559e868e58005d15c6013a0c1fd832e51c73397",
            "https://github.com/openssl/openssl/commit/53ea06486d296b890d565fb971b2764fcd826e7e",
            "https://github.com/openssl/openssl/commit/9c39b3858091c152f52513c066ff2c5a47969f0d",
            "https://github.com/openssl/openssl/commit/da343d0605c826ef197aceedc67e8e04f065f740",
            "https://www.openssl.org/news/secadv/20240516.txt",
            "http://www.openwall.com/lists/oss-security/2024/05/16/2",
            "https://security.netapp.com/advisory/ntap-20240621-0001/"
          ],
          "description": "Issue summary: Checking excessively long DSA keys or parameters may be very\nslow.\n\nImpact summary: Applications that use the functions EVP_PKEY_param_check()\nor EVP_PKEY_public_check() to check a DSA public key or DSA parameters may\nexperience long delays. Where the key or parameters that are being checked\nhave been obtained from an untrusted source this may lead to a Denial of\nService.\n\nThe functions EVP_PKEY_param_check() or EVP_PKEY_public_check() perform\nvarious checks on DSA parameters. Some of those computations take a long time\nif the modulus (`p` parameter) is too large.\n\nTrying to use a very large modulus is slow and OpenSSL will not allow using\npublic keys with a modulus which is over 10,000 bits in length for signature\nverification. However the key and parameter check functions do not limit\nthe modulus size when performing the checks.\n\nAn application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check()\nand supplies a key or parameters obtained from an untrusted source could be\nvulnerable to a Denial of Service attack.\n\nThese functions are not called by OpenSSL itself on untrusted DSA keys so\nonly applications that directly call these functions may be vulnerable.\n\nAlso vulnerable are the OpenSSL pkey and pkeyparam command line applications\nwhen using the `-check` option.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 3.9,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2024-4603",
              "epss": 0.00108,
              "percentile": 0.28774,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2024-4603",
              "cwe": "CWE-606",
              "source": "openssl-security@openssl.org",
              "type": "Secondary"
            },
            {
              "cve": "CVE-2024-4603",
              "cwe": "CWE-834",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "openssl",
              "version": "1:3.5.5-4.el10_2"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2024-4603",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "f614b5caa1deba16",
        "name": "openssl",
        "version": "1:3.5.5-4.el10_2",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "Apache-2.0"
        ],
        "cpes": [
          "cpe:2.3:a:openssl:openssl:1\\:3.5.5-4.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:openssl:1\\:3.5.5-4.el10_2:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/openssl@3.5.5-4.el10_2?arch=x86_64&distro=rhel-10.2&epoch=1&upstream=openssl-3.5.5-4.el10_2.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": 1,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2024-4603",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2024-4603",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was found in OpenSSL. Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.  In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "metrics": {
              "baseScore": 5.3,
              "exploitabilityScore": 3.9,
              "impactScore": 1.5
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2024-4603",
            "epss": 0.00108,
            "percentile": 0.28774,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2024-4603",
            "cwe": "CWE-606",
            "source": "openssl-security@openssl.org",
            "type": "Secondary"
          },
          {
            "cve": "CVE-2024-4603",
            "cwe": "CWE-834",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.044820000000000006
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2024-4603",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-4603",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://github.com/openssl/openssl/commit/3559e868e58005d15c6013a0c1fd832e51c73397",
            "https://github.com/openssl/openssl/commit/53ea06486d296b890d565fb971b2764fcd826e7e",
            "https://github.com/openssl/openssl/commit/9c39b3858091c152f52513c066ff2c5a47969f0d",
            "https://github.com/openssl/openssl/commit/da343d0605c826ef197aceedc67e8e04f065f740",
            "https://www.openssl.org/news/secadv/20240516.txt",
            "http://www.openwall.com/lists/oss-security/2024/05/16/2",
            "https://security.netapp.com/advisory/ntap-20240621-0001/"
          ],
          "description": "Issue summary: Checking excessively long DSA keys or parameters may be very\nslow.\n\nImpact summary: Applications that use the functions EVP_PKEY_param_check()\nor EVP_PKEY_public_check() to check a DSA public key or DSA parameters may\nexperience long delays. Where the key or parameters that are being checked\nhave been obtained from an untrusted source this may lead to a Denial of\nService.\n\nThe functions EVP_PKEY_param_check() or EVP_PKEY_public_check() perform\nvarious checks on DSA parameters. Some of those computations take a long time\nif the modulus (`p` parameter) is too large.\n\nTrying to use a very large modulus is slow and OpenSSL will not allow using\npublic keys with a modulus which is over 10,000 bits in length for signature\nverification. However the key and parameter check functions do not limit\nthe modulus size when performing the checks.\n\nAn application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check()\nand supplies a key or parameters obtained from an untrusted source could be\nvulnerable to a Denial of Service attack.\n\nThese functions are not called by OpenSSL itself on untrusted DSA keys so\nonly applications that directly call these functions may be vulnerable.\n\nAlso vulnerable are the OpenSSL pkey and pkeyparam command line applications\nwhen using the `-check` option.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 3.9,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2024-4603",
              "epss": 0.00108,
              "percentile": 0.28774,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2024-4603",
              "cwe": "CWE-606",
              "source": "openssl-security@openssl.org",
              "type": "Secondary"
            },
            {
              "cve": "CVE-2024-4603",
              "cwe": "CWE-834",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "openssl",
              "version": "3.5.5-4.el10_2"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2024-4603",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "a04fa80016994e00",
        "name": "openssl-libs",
        "version": "1:3.5.5-4.el10_2",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "Apache-2.0"
        ],
        "cpes": [
          "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.5-4.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.5-4.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.5-4.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.5-4.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.5-4.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.5-4.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.5-4.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.5-4.el10_2:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/openssl-libs@3.5.5-4.el10_2?arch=x86_64&distro=rhel-10.2&epoch=1&upstream=openssl-3.5.5-4.el10_2.src.rpm",
        "upstreams": [
          {
            "name": "openssl",
            "version": "3.5.5-4.el10_2"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": 1,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-5915",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Low",
        "urls": [],
        "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H",
            "metrics": {
              "baseScore": 6.6,
              "exploitabilityScore": 1.4,
              "impactScore": 5.2
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-5915",
            "epss": 0.0009,
            "percentile": 0.25761,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-5915",
            "cwe": "CWE-122",
            "source": "secalert@redhat.com",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.043199999999999995
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-5915",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://access.redhat.com/security/cve/CVE-2025-5915",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2370865",
            "https://github.com/libarchive/libarchive/pull/2599",
            "https://github.com/libarchive/libarchive/releases/tag/v3.8.0"
          ],
          "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.",
          "cvss": [
            {
              "source": "secalert@redhat.com",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H",
              "metrics": {
                "baseScore": 6.6,
                "exploitabilityScore": 1.4,
                "impactScore": 5.2
              },
              "vendorMetadata": {}
            },
            {
              "source": "nvd@nist.gov",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H",
              "metrics": {
                "baseScore": 6.6,
                "exploitabilityScore": 1.4,
                "impactScore": 5.2
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-5915",
              "epss": 0.0009,
              "percentile": 0.25761,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-5915",
              "cwe": "CWE-122",
              "source": "secalert@redhat.com",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "libarchive",
              "version": "0:3.7.7-8.el10_1"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-5915",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "1275a237f54746d8",
        "name": "libarchive",
        "version": "3.7.7-8.el10_1",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "BSD-2-Clause AND FSFULLR AND GPL-2.0-or-later WITH Libtool-exception AND BSD-3-Clause AND FSFUL"
        ],
        "cpes": [
          "cpe:2.3:a:libarchive:libarchive:3.7.7-8.el10_1:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libarchive:3.7.7-8.el10_1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/libarchive@3.7.7-8.el10_1?arch=x86_64&distro=rhel-10.2&upstream=libarchive-3.7.7-8.el10_1.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-1965",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1965",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in curl. When an application uses libcurl to make multiple Negotiate-authenticated HTTP or HTTPS requests to the same server with different credentials, libcurl may incorrectly reuse an existing connection. This logical error can cause a subsequent request to be sent using the authentication of a previous user, leading to an authentication bypass.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "metrics": {
              "baseScore": 6.8,
              "exploitabilityScore": 1.7,
              "impactScore": 5.2
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-1965",
            "epss": 0.00073,
            "percentile": 0.22358,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-1965",
            "cwe": "CWE-305",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.04307
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-1965",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1965",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://curl.se/docs/CVE-2026-1965.html",
            "https://curl.se/docs/CVE-2026-1965.json"
          ],
          "description": "libcurl can in some circumstances reuse the wrong connection when asked to do\nan Negotiate-authenticated HTTP or HTTPS request.\n\nlibcurl features a pool of recent connections so that subsequent requests can\nreuse an existing connection to avoid overhead.\n\nWhen reusing a connection a range of criterion must first be met. Due to a\nlogical error in the code, a request that was issued by an application could\nwrongfully reuse an existing connection to the same server that was\nauthenticated using different credentials. One underlying reason being that\nNegotiate sometimes authenticates *connections* and not *requests*, contrary\nto how HTTP is designed to work.\n\nAn application that allows Negotiate authentication to a server (that responds\nwanting Negotiate) with `user1:password1` and then does another operation to\nthe same server also using Negotiate but with `user2:password2` (while the\nprevious connection is still alive) - the second request wrongly reused the\nsame connection and since it then sees that the Negotiate negotiation is\nalready made, it just sends the request over that connection thinking it uses\nthe user2 credentials when it is in fact still using the connection\nauthenticated for user1...\n\nThe set of authentication methods to use is set with  `CURLOPT_HTTPAUTH`.\n\nApplications can disable libcurl's reuse of connections and thus mitigate this\nproblem, by using one of the following libcurl options to alter how\nconnections are or are not reused: `CURLOPT_FRESH_CONNECT`,\n`CURLOPT_MAXCONNECTS` and `CURLMOPT_MAX_HOST_CONNECTIONS` (if using the\ncurl_multi API).",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
              "metrics": {
                "baseScore": 6.5,
                "exploitabilityScore": 2.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-1965",
              "epss": 0.00073,
              "percentile": 0.22358,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-1965",
              "cwe": "CWE-305",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "curl",
              "version": "0:8.12.1-4.el10"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-1965",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "134f672de8a7541b",
        "name": "curl",
        "version": "8.12.1-4.el10",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "curl"
        ],
        "cpes": [
          "cpe:2.3:a:redhat:curl:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:curl:curl:8.12.1-4.el10:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/curl@8.12.1-4.el10?arch=x86_64&distro=rhel-10.2&upstream=curl-8.12.1-4.el10.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-1965",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1965",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in curl. When an application uses libcurl to make multiple Negotiate-authenticated HTTP or HTTPS requests to the same server with different credentials, libcurl may incorrectly reuse an existing connection. This logical error can cause a subsequent request to be sent using the authentication of a previous user, leading to an authentication bypass.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "metrics": {
              "baseScore": 6.8,
              "exploitabilityScore": 1.7,
              "impactScore": 5.2
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-1965",
            "epss": 0.00073,
            "percentile": 0.22358,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-1965",
            "cwe": "CWE-305",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.04307
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-1965",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1965",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://curl.se/docs/CVE-2026-1965.html",
            "https://curl.se/docs/CVE-2026-1965.json"
          ],
          "description": "libcurl can in some circumstances reuse the wrong connection when asked to do\nan Negotiate-authenticated HTTP or HTTPS request.\n\nlibcurl features a pool of recent connections so that subsequent requests can\nreuse an existing connection to avoid overhead.\n\nWhen reusing a connection a range of criterion must first be met. Due to a\nlogical error in the code, a request that was issued by an application could\nwrongfully reuse an existing connection to the same server that was\nauthenticated using different credentials. One underlying reason being that\nNegotiate sometimes authenticates *connections* and not *requests*, contrary\nto how HTTP is designed to work.\n\nAn application that allows Negotiate authentication to a server (that responds\nwanting Negotiate) with `user1:password1` and then does another operation to\nthe same server also using Negotiate but with `user2:password2` (while the\nprevious connection is still alive) - the second request wrongly reused the\nsame connection and since it then sees that the Negotiate negotiation is\nalready made, it just sends the request over that connection thinking it uses\nthe user2 credentials when it is in fact still using the connection\nauthenticated for user1...\n\nThe set of authentication methods to use is set with  `CURLOPT_HTTPAUTH`.\n\nApplications can disable libcurl's reuse of connections and thus mitigate this\nproblem, by using one of the following libcurl options to alter how\nconnections are or are not reused: `CURLOPT_FRESH_CONNECT`,\n`CURLOPT_MAXCONNECTS` and `CURLMOPT_MAX_HOST_CONNECTIONS` (if using the\ncurl_multi API).",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
              "metrics": {
                "baseScore": 6.5,
                "exploitabilityScore": 2.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-1965",
              "epss": 0.00073,
              "percentile": 0.22358,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-1965",
              "cwe": "CWE-305",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "curl",
              "version": "8.12.1-4.el10"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-1965",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "e0443590b9f5633b",
        "name": "libcurl-minimal",
        "version": "8.12.1-4.el10",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "curl"
        ],
        "cpes": [
          "cpe:2.3:a:libcurl-minimal:libcurl-minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl-minimal:libcurl_minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl_minimal:libcurl-minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl_minimal:libcurl_minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl:libcurl-minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl:libcurl_minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libcurl-minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libcurl_minimal:8.12.1-4.el10:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/libcurl-minimal@8.12.1-4.el10?arch=x86_64&distro=rhel-10.2&upstream=curl-8.12.1-4.el10.src.rpm",
        "upstreams": [
          {
            "name": "curl",
            "version": "8.12.1-4.el10"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-3360",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "metrics": {
              "baseScore": 3.7,
              "exploitabilityScore": 2.3,
              "impactScore": 1.5
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-3360",
            "epss": 0.00126,
            "percentile": 0.31657,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-3360",
            "cwe": "CWE-190",
            "source": "secalert@redhat.com",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.04221
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-3360",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360",
          "namespace": "nvd:cpe",
          "severity": "Low",
          "urls": [
            "https://access.redhat.com/security/cve/CVE-2025-3360",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2357754",
            "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html"
          ],
          "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.",
          "cvss": [
            {
              "source": "secalert@redhat.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "metrics": {
                "baseScore": 3.7,
                "exploitabilityScore": 2.3,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-3360",
              "epss": 0.00126,
              "percentile": 0.31657,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-3360",
              "cwe": "CWE-190",
              "source": "secalert@redhat.com",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "glib2",
              "version": "0:2.80.4-12.el10_2.13"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-3360",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "37bb1f6df7e16bb3",
        "name": "glib2",
        "version": "2.80.4-12.el10_2.13",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "LGPL-2.1-or-later"
        ],
        "cpes": [
          "cpe:2.3:a:redhat:glib2:2.80.4-12.el10_2.13:*:*:*:*:*:*:*",
          "cpe:2.3:a:glib2:glib2:2.80.4-12.el10_2.13:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/glib2@2.80.4-12.el10_2.13?arch=x86_64&distro=rhel-10.2&upstream=glib2-2.80.4-12.el10_2.13.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-5918",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Low",
        "urls": [],
        "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L",
            "metrics": {
              "baseScore": 3.9,
              "exploitabilityScore": 1.4,
              "impactScore": 2.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-5918",
            "epss": 0.00113,
            "percentile": 0.2973,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-5918",
            "cwe": "CWE-125",
            "source": "secalert@redhat.com",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.038985
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-5918",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://access.redhat.com/security/cve/CVE-2025-5918",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2370877",
            "https://github.com/libarchive/libarchive/pull/2584",
            "https://github.com/libarchive/libarchive/releases/tag/v3.8.0"
          ],
          "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H",
              "metrics": {
                "baseScore": 6.6,
                "exploitabilityScore": 1.4,
                "impactScore": 5.2
              },
              "vendorMetadata": {}
            },
            {
              "source": "secalert@redhat.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L",
              "metrics": {
                "baseScore": 3.9,
                "exploitabilityScore": 1.4,
                "impactScore": 2.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-5918",
              "epss": 0.00113,
              "percentile": 0.2973,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-5918",
              "cwe": "CWE-125",
              "source": "secalert@redhat.com",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "libarchive",
              "version": "0:3.7.7-8.el10_1"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-5918",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "1275a237f54746d8",
        "name": "libarchive",
        "version": "3.7.7-8.el10_1",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "BSD-2-Clause AND FSFULLR AND GPL-2.0-or-later WITH Libtool-exception AND BSD-3-Clause AND FSFUL"
        ],
        "cpes": [
          "cpe:2.3:a:libarchive:libarchive:3.7.7-8.el10_1:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libarchive:3.7.7-8.el10_1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/libarchive@3.7.7-8.el10_1?arch=x86_64&distro=rhel-10.2&upstream=libarchive-3.7.7-8.el10_1.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2024-13176",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Low",
        "urls": [],
        "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "metrics": {
              "baseScore": 4.7,
              "exploitabilityScore": 1.1,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2024-13176",
            "epss": 0.001,
            "percentile": 0.27407,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2024-13176",
            "cwe": "CWE-385",
            "source": "openssl-security@openssl.org",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.038500000000000006
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2024-13176",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844",
            "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467",
            "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902",
            "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65",
            "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f",
            "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded",
            "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86",
            "https://openssl-library.org/news/secadv/20250120.txt",
            "http://www.openwall.com/lists/oss-security/2025/01/20/2",
            "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html",
            "https://security.netapp.com/advisory/ntap-20250124-0005/",
            "https://security.netapp.com/advisory/ntap-20250418-0010/",
            "https://security.netapp.com/advisory/ntap-20250502-0006/"
          ],
          "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
              "metrics": {
                "baseScore": 4.1,
                "exploitabilityScore": 0.7,
                "impactScore": 3.4
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2024-13176",
              "epss": 0.001,
              "percentile": 0.27407,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2024-13176",
              "cwe": "CWE-385",
              "source": "openssl-security@openssl.org",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "openssl",
              "version": "1:3.5.5-4.el10_2"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2024-13176",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "f614b5caa1deba16",
        "name": "openssl",
        "version": "1:3.5.5-4.el10_2",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "Apache-2.0"
        ],
        "cpes": [
          "cpe:2.3:a:openssl:openssl:1\\:3.5.5-4.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:openssl:1\\:3.5.5-4.el10_2:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/openssl@3.5.5-4.el10_2?arch=x86_64&distro=rhel-10.2&epoch=1&upstream=openssl-3.5.5-4.el10_2.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": 1,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2024-13176",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Low",
        "urls": [],
        "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "metrics": {
              "baseScore": 4.7,
              "exploitabilityScore": 1.1,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2024-13176",
            "epss": 0.001,
            "percentile": 0.27407,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2024-13176",
            "cwe": "CWE-385",
            "source": "openssl-security@openssl.org",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.038500000000000006
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2024-13176",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844",
            "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467",
            "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902",
            "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65",
            "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f",
            "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded",
            "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86",
            "https://openssl-library.org/news/secadv/20250120.txt",
            "http://www.openwall.com/lists/oss-security/2025/01/20/2",
            "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html",
            "https://security.netapp.com/advisory/ntap-20250124-0005/",
            "https://security.netapp.com/advisory/ntap-20250418-0010/",
            "https://security.netapp.com/advisory/ntap-20250502-0006/"
          ],
          "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
              "metrics": {
                "baseScore": 4.1,
                "exploitabilityScore": 0.7,
                "impactScore": 3.4
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2024-13176",
              "epss": 0.001,
              "percentile": 0.27407,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2024-13176",
              "cwe": "CWE-385",
              "source": "openssl-security@openssl.org",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "openssl",
              "version": "3.5.5-4.el10_2"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2024-13176",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "a04fa80016994e00",
        "name": "openssl-libs",
        "version": "1:3.5.5-4.el10_2",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "Apache-2.0"
        ],
        "cpes": [
          "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.5-4.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.5-4.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.5-4.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.5-4.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.5-4.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.5-4.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.5-4.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.5-4.el10_2:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/openssl-libs@3.5.5-4.el10_2?arch=x86_64&distro=rhel-10.2&epoch=1&upstream=openssl-3.5.5-4.el10_2.src.rpm",
        "upstreams": [
          {
            "name": "openssl",
            "version": "3.5.5-4.el10_2"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": 1,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-29087",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2025-29087",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in SQLite. This vulnerability allows an attacker to cause an integer overflow via the concat_ws function.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 5.5,
              "exploitabilityScore": 1.9,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-29087",
            "epss": 0.00072,
            "percentile": 0.22279,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-29087",
            "cwe": "CWE-190",
            "source": "cve@mitre.org",
            "type": "Secondary"
          },
          {
            "cve": "CVE-2025-29087",
            "cwe": "CWE-190",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "wont-fix"
        },
        "advisories": [],
        "risk": 0.0378
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-29087",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29087",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://gist.github.com/ylwango613/a44a29f1ef074fa783e29f04a0afd62a",
            "https://sqlite.org/releaselog/3_49_1.html",
            "https://www.sqlite.org/cves.html"
          ],
          "description": "In SQLite 3.44.0 through 3.49.0 before 3.49.1, the concat_ws() SQL function can cause memory to be written beyond the end of a malloc-allocated buffer. If the separator argument is attacker-controlled and has a large string (e.g., 2MB or more), an integer overflow occurs in calculating the size of the result buffer, and thus malloc may not allocate enough memory.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "cve@mitre.org",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L",
              "metrics": {
                "baseScore": 3.2,
                "exploitabilityScore": 1.5,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-29087",
              "epss": 0.00072,
              "percentile": 0.22279,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-29087",
              "cwe": "CWE-190",
              "source": "cve@mitre.org",
              "type": "Secondary"
            },
            {
              "cve": "CVE-2025-29087",
              "cwe": "CWE-190",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "sqlite",
              "version": "3.46.1-5.el10_1"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-29087",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "e4a6c09aa53d2147",
        "name": "sqlite-libs",
        "version": "3.46.1-5.el10_1",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "blessing"
        ],
        "cpes": [
          "cpe:2.3:a:sqlite-libs:sqlite-libs:3.46.1-5.el10_1:*:*:*:*:*:*:*",
          "cpe:2.3:a:sqlite-libs:sqlite_libs:3.46.1-5.el10_1:*:*:*:*:*:*:*",
          "cpe:2.3:a:sqlite_libs:sqlite-libs:3.46.1-5.el10_1:*:*:*:*:*:*:*",
          "cpe:2.3:a:sqlite_libs:sqlite_libs:3.46.1-5.el10_1:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:sqlite-libs:3.46.1-5.el10_1:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:sqlite_libs:3.46.1-5.el10_1:*:*:*:*:*:*:*",
          "cpe:2.3:a:sqlite:sqlite-libs:3.46.1-5.el10_1:*:*:*:*:*:*:*",
          "cpe:2.3:a:sqlite:sqlite_libs:3.46.1-5.el10_1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/sqlite-libs@3.46.1-5.el10_1?arch=x86_64&distro=rhel-10.2&upstream=sqlite-3.46.1-5.el10_1.src.rpm",
        "upstreams": [
          {
            "name": "sqlite",
            "version": "3.46.1-5.el10_1"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-5450",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-5450",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in glibc (GNU C Library). This vulnerability occurs when an application uses the `scanf` family of functions with a `%mc` format specifier, which is used for dynamically allocating memory for character input, and provides an explicit width greater than 1024. This specific combination can lead to a one-byte heap buffer overflow, potentially allowing an attacker to corrupt memory.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:H",
            "metrics": {
              "baseScore": 5,
              "exploitabilityScore": 0.8,
              "impactScore": 4.3
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-5450",
            "epss": 0.00073,
            "percentile": 0.22435,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-5450",
            "cwe": "CWE-122",
            "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
            "type": "Secondary"
          },
          {
            "cve": "CVE-2026-5450",
            "cwe": "CWE-787",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.0365
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-5450",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-5450",
          "namespace": "nvd:cpe",
          "severity": "Critical",
          "urls": [
            "https://inbox.sourceware.org/libc-announce/b11f0003-6ec1-4bd6-b9de-9e38a4efeca3@redhat.com/T/#u",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=CVE-2026-5450"
          ],
          "description": "Calling the scanf family of functions with a %mc (malloc'd character match) in the GNU C Library version 2.7 to version 2.43 with a format width specifier with an explicit width greater than 1024 could result in a one byte heap buffer overflow.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "metrics": {
                "baseScore": 9.8,
                "exploitabilityScore": 3.9,
                "impactScore": 5.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-5450",
              "epss": 0.00073,
              "percentile": 0.22435,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-5450",
              "cwe": "CWE-122",
              "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
              "type": "Secondary"
            },
            {
              "cve": "CVE-2026-5450",
              "cwe": "CWE-787",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "glibc",
              "version": "0:2.39-124.el10_2"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-5450",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "6aefa28baec674b1",
        "name": "glibc",
        "version": "2.39-124.el10_2",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "LGPL-2.1-or-later AND SunPro AND LGPL-2.1-or-later WITH GCC-exception-2.0 AND BSD-3-Clause AND GPL-2.0-or-later AND LGPL-2.1-or-later WITH GNU-compiler-exception AND GPL-2.0-only AND ISC AND LicenseRef-Fedora-Public-Domain AND HPND AND CMU-Mach AND LGPL-2.1-only AND LGPL-2.0-or-later AND Unicode-DFS-2015 AND GFDL-1.1-or-later AND GPL-1.0-or-later AND FSFUL AND MIT AND Inner-Net-2.0 AND X11 AND GPL-2.0-or-later WITH GCC-exception-2.0 AND GFDL-1.3-only AND GFDL-1.1-only AND GPL-3.0-or-later AND GPL-3.0-or-later WITH Autoconf-exception-generic-3.0 AND GPL-3.0-or-later WITH Texinfo-exception"
        ],
        "cpes": [
          "cpe:2.3:a:redhat:glibc:2.39-124.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc:glibc:2.39-124.el10_2:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/glibc@2.39-124.el10_2?arch=x86_64&distro=rhel-10.2&upstream=glibc-2.39-124.el10_2.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-5450",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-5450",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in glibc (GNU C Library). This vulnerability occurs when an application uses the `scanf` family of functions with a `%mc` format specifier, which is used for dynamically allocating memory for character input, and provides an explicit width greater than 1024. This specific combination can lead to a one-byte heap buffer overflow, potentially allowing an attacker to corrupt memory.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:H",
            "metrics": {
              "baseScore": 5,
              "exploitabilityScore": 0.8,
              "impactScore": 4.3
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-5450",
            "epss": 0.00073,
            "percentile": 0.22435,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-5450",
            "cwe": "CWE-122",
            "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
            "type": "Secondary"
          },
          {
            "cve": "CVE-2026-5450",
            "cwe": "CWE-787",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.0365
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-5450",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-5450",
          "namespace": "nvd:cpe",
          "severity": "Critical",
          "urls": [
            "https://inbox.sourceware.org/libc-announce/b11f0003-6ec1-4bd6-b9de-9e38a4efeca3@redhat.com/T/#u",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=CVE-2026-5450"
          ],
          "description": "Calling the scanf family of functions with a %mc (malloc'd character match) in the GNU C Library version 2.7 to version 2.43 with a format width specifier with an explicit width greater than 1024 could result in a one byte heap buffer overflow.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "metrics": {
                "baseScore": 9.8,
                "exploitabilityScore": 3.9,
                "impactScore": 5.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-5450",
              "epss": 0.00073,
              "percentile": 0.22435,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-5450",
              "cwe": "CWE-122",
              "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
              "type": "Secondary"
            },
            {
              "cve": "CVE-2026-5450",
              "cwe": "CWE-787",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "glibc",
              "version": "2.39-124.el10_2"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-5450",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "5862acc01b536b65",
        "name": "glibc-common",
        "version": "2.39-124.el10_2",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "LGPL-2.1-or-later AND SunPro AND LGPL-2.1-or-later WITH GCC-exception-2.0 AND BSD-3-Clause AND GPL-2.0-or-later AND LGPL-2.1-or-later WITH GNU-compiler-exception AND GPL-2.0-only AND ISC AND LicenseRef-Fedora-Public-Domain AND HPND AND CMU-Mach AND LGPL-2.1-only AND LGPL-2.0-or-later AND Unicode-DFS-2015 AND GFDL-1.1-or-later AND GPL-1.0-or-later AND FSFUL AND MIT AND Inner-Net-2.0 AND X11 AND GPL-2.0-or-later WITH GCC-exception-2.0 AND GFDL-1.3-only AND GFDL-1.1-only AND GPL-3.0-or-later AND GPL-3.0-or-later WITH Autoconf-exception-generic-3.0 AND GPL-3.0-or-later WITH Texinfo-exception"
        ],
        "cpes": [
          "cpe:2.3:a:glibc-common:glibc-common:2.39-124.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc-common:glibc_common:2.39-124.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc_common:glibc-common:2.39-124.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc_common:glibc_common:2.39-124.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:glibc-common:2.39-124.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:glibc_common:2.39-124.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc:glibc-common:2.39-124.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc:glibc_common:2.39-124.el10_2:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/glibc-common@2.39-124.el10_2?arch=x86_64&distro=rhel-10.2&upstream=glibc-2.39-124.el10_2.src.rpm",
        "upstreams": [
          {
            "name": "glibc",
            "version": "2.39-124.el10_2"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-5450",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-5450",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in glibc (GNU C Library). This vulnerability occurs when an application uses the `scanf` family of functions with a `%mc` format specifier, which is used for dynamically allocating memory for character input, and provides an explicit width greater than 1024. This specific combination can lead to a one-byte heap buffer overflow, potentially allowing an attacker to corrupt memory.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:H",
            "metrics": {
              "baseScore": 5,
              "exploitabilityScore": 0.8,
              "impactScore": 4.3
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-5450",
            "epss": 0.00073,
            "percentile": 0.22435,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-5450",
            "cwe": "CWE-122",
            "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
            "type": "Secondary"
          },
          {
            "cve": "CVE-2026-5450",
            "cwe": "CWE-787",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.0365
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-5450",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-5450",
          "namespace": "nvd:cpe",
          "severity": "Critical",
          "urls": [
            "https://inbox.sourceware.org/libc-announce/b11f0003-6ec1-4bd6-b9de-9e38a4efeca3@redhat.com/T/#u",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=CVE-2026-5450"
          ],
          "description": "Calling the scanf family of functions with a %mc (malloc'd character match) in the GNU C Library version 2.7 to version 2.43 with a format width specifier with an explicit width greater than 1024 could result in a one byte heap buffer overflow.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "metrics": {
                "baseScore": 9.8,
                "exploitabilityScore": 3.9,
                "impactScore": 5.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-5450",
              "epss": 0.00073,
              "percentile": 0.22435,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-5450",
              "cwe": "CWE-122",
              "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
              "type": "Secondary"
            },
            {
              "cve": "CVE-2026-5450",
              "cwe": "CWE-787",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "glibc",
              "version": "2.39-124.el10_2"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-5450",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "3580b4e8bea9e378",
        "name": "glibc-minimal-langpack",
        "version": "2.39-124.el10_2",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "LGPL-2.1-or-later AND SunPro AND LGPL-2.1-or-later WITH GCC-exception-2.0 AND BSD-3-Clause AND GPL-2.0-or-later AND LGPL-2.1-or-later WITH GNU-compiler-exception AND GPL-2.0-only AND ISC AND LicenseRef-Fedora-Public-Domain AND HPND AND CMU-Mach AND LGPL-2.1-only AND LGPL-2.0-or-later AND Unicode-DFS-2015 AND GFDL-1.1-or-later AND GPL-1.0-or-later AND FSFUL AND MIT AND Inner-Net-2.0 AND X11 AND GPL-2.0-or-later WITH GCC-exception-2.0 AND GFDL-1.3-only AND GFDL-1.1-only AND GPL-3.0-or-later AND GPL-3.0-or-later WITH Autoconf-exception-generic-3.0 AND GPL-3.0-or-later WITH Texinfo-exception"
        ],
        "cpes": [
          "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.39-124.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.39-124.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.39-124.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.39-124.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.39-124.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.39-124.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.39-124.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.39-124.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:glibc-minimal-langpack:2.39-124.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:glibc_minimal_langpack:2.39-124.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc:glibc-minimal-langpack:2.39-124.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc:glibc_minimal_langpack:2.39-124.el10_2:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.39-124.el10_2?arch=x86_64&distro=rhel-10.2&upstream=glibc-2.39-124.el10_2.src.rpm",
        "upstreams": [
          {
            "name": "glibc",
            "version": "2.39-124.el10_2"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-5916",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Low",
        "urls": [],
        "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L",
            "metrics": {
              "baseScore": 3.9,
              "exploitabilityScore": 1.4,
              "impactScore": 2.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-5916",
            "epss": 0.00102,
            "percentile": 0.27698,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-5916",
            "cwe": "CWE-190",
            "source": "secalert@redhat.com",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.03519
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-5916",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://access.redhat.com/security/cve/CVE-2025-5916",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2370872",
            "https://github.com/libarchive/libarchive/pull/2568",
            "https://github.com/libarchive/libarchive/releases/tag/v3.8.0"
          ],
          "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H",
              "metrics": {
                "baseScore": 5.6,
                "exploitabilityScore": 1.4,
                "impactScore": 4.3
              },
              "vendorMetadata": {}
            },
            {
              "source": "secalert@redhat.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L",
              "metrics": {
                "baseScore": 3.9,
                "exploitabilityScore": 1.4,
                "impactScore": 2.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-5916",
              "epss": 0.00102,
              "percentile": 0.27698,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-5916",
              "cwe": "CWE-190",
              "source": "secalert@redhat.com",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "libarchive",
              "version": "0:3.7.7-8.el10_1"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-5916",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "1275a237f54746d8",
        "name": "libarchive",
        "version": "3.7.7-8.el10_1",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "BSD-2-Clause AND FSFULLR AND GPL-2.0-or-later WITH Libtool-exception AND BSD-3-Clause AND FSFUL"
        ],
        "cpes": [
          "cpe:2.3:a:libarchive:libarchive:3.7.7-8.el10_1:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libarchive:3.7.7-8.el10_1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/libarchive@3.7.7-8.el10_1?arch=x86_64&distro=rhel-10.2&upstream=libarchive-3.7.7-8.el10_1.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-5928",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-5928",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in glibc (GNU C Library). When the `ungetwc` function is called on a file stream using wide characters with specific overlapping single-byte and multi-byte encodings, it may attempt to read data outside of its allocated buffer. This can lead to the unintentional disclosure of sensitive information from memory or cause the program to crash, resulting in a denial of service.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:H",
            "metrics": {
              "baseScore": 5,
              "exploitabilityScore": 0.8,
              "impactScore": 4.3
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-5928",
            "epss": 0.00068,
            "percentile": 0.21367,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-5928",
            "cwe": "CWE-127",
            "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.034
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-5928",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-5928",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://sourceware.org/bugzilla/show_bug.cgi?id=33998"
          ],
          "description": "Calling the ungetwc function on a FILE stream with wide characters encoded in a character set that has overlaps between its single byte and multi-byte character encodings, in the GNU C Library version 2.43 or earlier, may result in an attempt to read bytes before an allocated buffer, potentially resulting in unintentional disclosure of neighboring data in the heap, or a program crash.\n\nA bug in the wide character pushback implementation (_IO_wdefault_pbackfail in libio/wgenops.c) causes ungetwc() to operate on the regular character buffer (fp->_IO_read_ptr) instead of the actual wide-stream read pointer (fp->_wide_data->_IO_read_ptr). The program crash may happen in cases where fp->_IO_read_ptr is not initialized and hence points to NULL. The buffer under-read requires a special situation where the input character encoding is such that there are overlaps between single byte representations and multibyte representations in that encoding, resulting in spurious matches. The spurious match case is not possible in the standard Unicode character sets.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-5928",
              "epss": 0.00068,
              "percentile": 0.21367,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-5928",
              "cwe": "CWE-127",
              "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "glibc",
              "version": "0:2.39-124.el10_2"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-5928",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "6aefa28baec674b1",
        "name": "glibc",
        "version": "2.39-124.el10_2",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "LGPL-2.1-or-later AND SunPro AND LGPL-2.1-or-later WITH GCC-exception-2.0 AND BSD-3-Clause AND GPL-2.0-or-later AND LGPL-2.1-or-later WITH GNU-compiler-exception AND GPL-2.0-only AND ISC AND LicenseRef-Fedora-Public-Domain AND HPND AND CMU-Mach AND LGPL-2.1-only AND LGPL-2.0-or-later AND Unicode-DFS-2015 AND GFDL-1.1-or-later AND GPL-1.0-or-later AND FSFUL AND MIT AND Inner-Net-2.0 AND X11 AND GPL-2.0-or-later WITH GCC-exception-2.0 AND GFDL-1.3-only AND GFDL-1.1-only AND GPL-3.0-or-later AND GPL-3.0-or-later WITH Autoconf-exception-generic-3.0 AND GPL-3.0-or-later WITH Texinfo-exception"
        ],
        "cpes": [
          "cpe:2.3:a:redhat:glibc:2.39-124.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc:glibc:2.39-124.el10_2:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/glibc@2.39-124.el10_2?arch=x86_64&distro=rhel-10.2&upstream=glibc-2.39-124.el10_2.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-5928",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-5928",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in glibc (GNU C Library). When the `ungetwc` function is called on a file stream using wide characters with specific overlapping single-byte and multi-byte encodings, it may attempt to read data outside of its allocated buffer. This can lead to the unintentional disclosure of sensitive information from memory or cause the program to crash, resulting in a denial of service.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:H",
            "metrics": {
              "baseScore": 5,
              "exploitabilityScore": 0.8,
              "impactScore": 4.3
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-5928",
            "epss": 0.00068,
            "percentile": 0.21367,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-5928",
            "cwe": "CWE-127",
            "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.034
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-5928",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-5928",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://sourceware.org/bugzilla/show_bug.cgi?id=33998"
          ],
          "description": "Calling the ungetwc function on a FILE stream with wide characters encoded in a character set that has overlaps between its single byte and multi-byte character encodings, in the GNU C Library version 2.43 or earlier, may result in an attempt to read bytes before an allocated buffer, potentially resulting in unintentional disclosure of neighboring data in the heap, or a program crash.\n\nA bug in the wide character pushback implementation (_IO_wdefault_pbackfail in libio/wgenops.c) causes ungetwc() to operate on the regular character buffer (fp->_IO_read_ptr) instead of the actual wide-stream read pointer (fp->_wide_data->_IO_read_ptr). The program crash may happen in cases where fp->_IO_read_ptr is not initialized and hence points to NULL. The buffer under-read requires a special situation where the input character encoding is such that there are overlaps between single byte representations and multibyte representations in that encoding, resulting in spurious matches. The spurious match case is not possible in the standard Unicode character sets.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-5928",
              "epss": 0.00068,
              "percentile": 0.21367,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-5928",
              "cwe": "CWE-127",
              "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "glibc",
              "version": "2.39-124.el10_2"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-5928",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "5862acc01b536b65",
        "name": "glibc-common",
        "version": "2.39-124.el10_2",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "LGPL-2.1-or-later AND SunPro AND LGPL-2.1-or-later WITH GCC-exception-2.0 AND BSD-3-Clause AND GPL-2.0-or-later AND LGPL-2.1-or-later WITH GNU-compiler-exception AND GPL-2.0-only AND ISC AND LicenseRef-Fedora-Public-Domain AND HPND AND CMU-Mach AND LGPL-2.1-only AND LGPL-2.0-or-later AND Unicode-DFS-2015 AND GFDL-1.1-or-later AND GPL-1.0-or-later AND FSFUL AND MIT AND Inner-Net-2.0 AND X11 AND GPL-2.0-or-later WITH GCC-exception-2.0 AND GFDL-1.3-only AND GFDL-1.1-only AND GPL-3.0-or-later AND GPL-3.0-or-later WITH Autoconf-exception-generic-3.0 AND GPL-3.0-or-later WITH Texinfo-exception"
        ],
        "cpes": [
          "cpe:2.3:a:glibc-common:glibc-common:2.39-124.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc-common:glibc_common:2.39-124.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc_common:glibc-common:2.39-124.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc_common:glibc_common:2.39-124.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:glibc-common:2.39-124.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:glibc_common:2.39-124.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc:glibc-common:2.39-124.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc:glibc_common:2.39-124.el10_2:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/glibc-common@2.39-124.el10_2?arch=x86_64&distro=rhel-10.2&upstream=glibc-2.39-124.el10_2.src.rpm",
        "upstreams": [
          {
            "name": "glibc",
            "version": "2.39-124.el10_2"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-5928",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-5928",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in glibc (GNU C Library). When the `ungetwc` function is called on a file stream using wide characters with specific overlapping single-byte and multi-byte encodings, it may attempt to read data outside of its allocated buffer. This can lead to the unintentional disclosure of sensitive information from memory or cause the program to crash, resulting in a denial of service.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:H",
            "metrics": {
              "baseScore": 5,
              "exploitabilityScore": 0.8,
              "impactScore": 4.3
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-5928",
            "epss": 0.00068,
            "percentile": 0.21367,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-5928",
            "cwe": "CWE-127",
            "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.034
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-5928",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-5928",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://sourceware.org/bugzilla/show_bug.cgi?id=33998"
          ],
          "description": "Calling the ungetwc function on a FILE stream with wide characters encoded in a character set that has overlaps between its single byte and multi-byte character encodings, in the GNU C Library version 2.43 or earlier, may result in an attempt to read bytes before an allocated buffer, potentially resulting in unintentional disclosure of neighboring data in the heap, or a program crash.\n\nA bug in the wide character pushback implementation (_IO_wdefault_pbackfail in libio/wgenops.c) causes ungetwc() to operate on the regular character buffer (fp->_IO_read_ptr) instead of the actual wide-stream read pointer (fp->_wide_data->_IO_read_ptr). The program crash may happen in cases where fp->_IO_read_ptr is not initialized and hence points to NULL. The buffer under-read requires a special situation where the input character encoding is such that there are overlaps between single byte representations and multibyte representations in that encoding, resulting in spurious matches. The spurious match case is not possible in the standard Unicode character sets.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-5928",
              "epss": 0.00068,
              "percentile": 0.21367,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-5928",
              "cwe": "CWE-127",
              "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "glibc",
              "version": "2.39-124.el10_2"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-5928",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "3580b4e8bea9e378",
        "name": "glibc-minimal-langpack",
        "version": "2.39-124.el10_2",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "LGPL-2.1-or-later AND SunPro AND LGPL-2.1-or-later WITH GCC-exception-2.0 AND BSD-3-Clause AND GPL-2.0-or-later AND LGPL-2.1-or-later WITH GNU-compiler-exception AND GPL-2.0-only AND ISC AND LicenseRef-Fedora-Public-Domain AND HPND AND CMU-Mach AND LGPL-2.1-only AND LGPL-2.0-or-later AND Unicode-DFS-2015 AND GFDL-1.1-or-later AND GPL-1.0-or-later AND FSFUL AND MIT AND Inner-Net-2.0 AND X11 AND GPL-2.0-or-later WITH GCC-exception-2.0 AND GFDL-1.3-only AND GFDL-1.1-only AND GPL-3.0-or-later AND GPL-3.0-or-later WITH Autoconf-exception-generic-3.0 AND GPL-3.0-or-later WITH Texinfo-exception"
        ],
        "cpes": [
          "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.39-124.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.39-124.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.39-124.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.39-124.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.39-124.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.39-124.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.39-124.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.39-124.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:glibc-minimal-langpack:2.39-124.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:glibc_minimal_langpack:2.39-124.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc:glibc-minimal-langpack:2.39-124.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc:glibc_minimal_langpack:2.39-124.el10_2:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.39-124.el10_2?arch=x86_64&distro=rhel-10.2&upstream=glibc-2.39-124.el10_2.src.rpm",
        "upstreams": [
          {
            "name": "glibc",
            "version": "2.39-124.el10_2"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-5917",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Low",
        "urls": [],
        "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
            "metrics": {
              "baseScore": 2.8,
              "exploitabilityScore": 1.4,
              "impactScore": 1.5
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-5917",
            "epss": 0.00117,
            "percentile": 0.30341,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-5917",
            "cwe": "CWE-787",
            "source": "secalert@redhat.com",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.03393
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-5917",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://access.redhat.com/security/cve/CVE-2025-5917",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2370874",
            "https://github.com/libarchive/libarchive/pull/2588",
            "https://github.com/libarchive/libarchive/releases/tag/v3.8.0"
          ],
          "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 5,
                "exploitabilityScore": 1.4,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "secalert@redhat.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
              "metrics": {
                "baseScore": 2.8,
                "exploitabilityScore": 1.4,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-5917",
              "epss": 0.00117,
              "percentile": 0.30341,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-5917",
              "cwe": "CWE-787",
              "source": "secalert@redhat.com",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "libarchive",
              "version": "0:3.7.7-8.el10_1"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-5917",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "1275a237f54746d8",
        "name": "libarchive",
        "version": "3.7.7-8.el10_1",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "BSD-2-Clause AND FSFULLR AND GPL-2.0-or-later WITH Libtool-exception AND BSD-3-Clause AND FSFUL"
        ],
        "cpes": [
          "cpe:2.3:a:libarchive:libarchive:3.7.7-8.el10_1:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libarchive:3.7.7-8.el10_1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/libarchive@3.7.7-8.el10_1?arch=x86_64&distro=rhel-10.2&upstream=libarchive-3.7.7-8.el10_1.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-34743",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-34743",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in XZ Utils. When the `lzma_index_decoder()` function processes an empty index, and a subsequent `lzma_index_append()` operation is performed, insufficient memory is allocated. This can lead to a buffer overflow, potentially causing a denial of service (DoS) for affected systems.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "metrics": {
              "baseScore": 5.3,
              "exploitabilityScore": 3.9,
              "impactScore": 1.5
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-34743",
            "epss": 0.00063,
            "percentile": 0.1996,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-34743",
            "cwe": "CWE-122",
            "source": "security-advisories@github.com",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.032445
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-34743",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-34743",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://github.com/tukaani-project/xz/commit/c8c22869e780ff57c96b46939c3d79ff99395f87",
            "https://github.com/tukaani-project/xz/releases/tag/v5.8.3",
            "https://github.com/tukaani-project/xz/security/advisories/GHSA-x872-m794-cxhv",
            "http://www.openwall.com/lists/oss-security/2026/03/31/13"
          ],
          "description": "XZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to version 5.8.3, if lzma_index_decoder() was used to decode an Index that contained no Records, the resulting lzma_index was left in a state where a subsequent lzma_index_append() would allocate too little memory, and a buffer overflow would occur. This issue has been patched in version 5.8.3.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 3.9,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            },
            {
              "source": "security-advisories@github.com",
              "type": "Secondary",
              "version": "4.0",
              "vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
              "metrics": {
                "baseScore": 1.7
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-34743",
              "epss": 0.00063,
              "percentile": 0.1996,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-34743",
              "cwe": "CWE-122",
              "source": "security-advisories@github.com",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "xz",
              "version": "5.6.2-4.el10_0"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-34743",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "bc28255bceee950b",
        "name": "xz-libs",
        "version": "1:5.6.2-4.el10_0",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "0BSD"
        ],
        "cpes": [
          "cpe:2.3:a:xz-libs:xz-libs:1\\:5.6.2-4.el10_0:*:*:*:*:*:*:*",
          "cpe:2.3:a:xz-libs:xz_libs:1\\:5.6.2-4.el10_0:*:*:*:*:*:*:*",
          "cpe:2.3:a:xz_libs:xz-libs:1\\:5.6.2-4.el10_0:*:*:*:*:*:*:*",
          "cpe:2.3:a:xz_libs:xz_libs:1\\:5.6.2-4.el10_0:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:xz-libs:1\\:5.6.2-4.el10_0:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:xz_libs:1\\:5.6.2-4.el10_0:*:*:*:*:*:*:*",
          "cpe:2.3:a:xz:xz-libs:1\\:5.6.2-4.el10_0:*:*:*:*:*:*:*",
          "cpe:2.3:a:xz:xz_libs:1\\:5.6.2-4.el10_0:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/xz-libs@5.6.2-4.el10_0?arch=x86_64&distro=rhel-10.2&epoch=1&upstream=xz-5.6.2-4.el10_0.src.rpm",
        "upstreams": [
          {
            "name": "xz",
            "version": "5.6.2-4.el10_0"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": 1,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-9149",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-9149",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in libsolv. This heap buffer overflow vulnerability occurs when a victim processes a specially crafted `.solv` file containing negative size values in the `repo_add_solv` function. This leads to an undersized memory allocation and a subsequent out-of-bounds write. An attacker could exploit this to cause a denial of service (DoS).",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 6.5,
              "exploitabilityScore": 2.9,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-9149",
            "epss": 0.00054,
            "percentile": 0.17527,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-9149",
            "cwe": "CWE-122",
            "source": "secalert@redhat.com",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.031049999999999994
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-9149",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-9149",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://access.redhat.com/security/cve/CVE-2026-9149",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2460380",
            "https://github.com/openSUSE/libsolv/pull/617"
          ],
          "description": "A flaw was found in libsolv. This heap buffer overflow vulnerability occurs when a victim processes a specially crafted `.solv` file containing negative size values in the `repo_add_solv` function. This leads to an undersized memory allocation and a subsequent out-of-bounds write. An attacker could exploit this to cause a denial of service (DoS).",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 6.5,
                "exploitabilityScore": 2.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "secalert@redhat.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 6.5,
                "exploitabilityScore": 2.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-9149",
              "epss": 0.00054,
              "percentile": 0.17527,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-9149",
              "cwe": "CWE-122",
              "source": "secalert@redhat.com",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "libsolv",
              "version": "0:0.7.33-2.el10"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-9149",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "05573771473cf808",
        "name": "libsolv",
        "version": "0.7.33-2.el10",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "BSD-3-Clause"
        ],
        "cpes": [
          "cpe:2.3:a:libsolv:libsolv:0.7.33-2.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libsolv:0.7.33-2.el10:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/libsolv@0.7.33-2.el10?arch=x86_64&distro=rhel-10.2&upstream=libsolv-0.7.33-2.el10.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-27113",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "metrics": {
              "baseScore": 3.1,
              "exploitabilityScore": 1.7,
              "impactScore": 1.5
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-27113",
            "epss": 0.00094,
            "percentile": 0.26385,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-27113",
            "cwe": "CWE-476",
            "source": "cve@mitre.org",
            "type": "Secondary"
          },
          {
            "cve": "CVE-2025-27113",
            "cwe": "CWE-476",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.028669999999999998
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-27113",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861",
            "http://seclists.org/fulldisclosure/2025/Apr/10",
            "http://seclists.org/fulldisclosure/2025/Apr/11",
            "http://seclists.org/fulldisclosure/2025/Apr/12",
            "http://seclists.org/fulldisclosure/2025/Apr/13",
            "http://seclists.org/fulldisclosure/2025/Apr/4",
            "http://seclists.org/fulldisclosure/2025/Apr/5",
            "http://seclists.org/fulldisclosure/2025/Apr/8",
            "http://seclists.org/fulldisclosure/2025/Apr/9",
            "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html",
            "https://security.netapp.com/advisory/ntap-20250306-0004/"
          ],
          "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "cve@mitre.org",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "metrics": {
                "baseScore": 2.9,
                "exploitabilityScore": 1.5,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-27113",
              "epss": 0.00094,
              "percentile": 0.26385,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-27113",
              "cwe": "CWE-476",
              "source": "cve@mitre.org",
              "type": "Secondary"
            },
            {
              "cve": "CVE-2025-27113",
              "cwe": "CWE-476",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "libxml2",
              "version": "0:2.12.5-10.el10"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-27113",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "fd8a4e4169e6e582",
        "name": "libxml2",
        "version": "2.12.5-10.el10",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "MIT AND ISC-Veillard AND W3C"
        ],
        "cpes": [
          "cpe:2.3:a:libxml2:libxml2:2.12.5-10.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libxml2:2.12.5-10.el10:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/libxml2@2.12.5-10.el10?arch=x86_64&distro=rhel-10.2&upstream=libxml2-2.12.5-10.el10.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-2673",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-2673",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Medium",
        "urls": [],
        "description": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
            "metrics": {
              "baseScore": 6.5,
              "exploitabilityScore": 3.9,
              "impactScore": 2.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-2673",
            "epss": 0.00049,
            "percentile": 0.15843,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-2673",
            "cwe": "CWE-757",
            "source": "openssl-security@openssl.org",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "wont-fix"
        },
        "advisories": [],
        "risk": 0.028175
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-2673",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2673",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f",
            "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34",
            "https://openssl-library.org/news/secadv/20260313.txt",
            "http://www.openwall.com/lists/oss-security/2026/03/13/3",
            "https://cert-portal.siemens.com/productcert/html/ssa-032379.html"
          ],
          "description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers.  
The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security.  Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
              "metrics": {
                "baseScore": 6.5,
                "exploitabilityScore": 3.9,
                "impactScore": 2.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-2673",
              "epss": 0.00049,
              "percentile": 0.15843,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-2673",
              "cwe": "CWE-757",
              "source": "openssl-security@openssl.org",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "openssl",
              "version": "1:3.5.5-4.el10_2"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-2673",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "f614b5caa1deba16",
        "name": "openssl",
        "version": "1:3.5.5-4.el10_2",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "Apache-2.0"
        ],
        "cpes": [
          "cpe:2.3:a:openssl:openssl:1\\:3.5.5-4.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:openssl:1\\:3.5.5-4.el10_2:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/openssl@3.5.5-4.el10_2?arch=x86_64&distro=rhel-10.2&epoch=1&upstream=openssl-3.5.5-4.el10_2.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": 1,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-2673",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-2673",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Medium",
        "urls": [],
        "description": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
            "metrics": {
              "baseScore": 6.5,
              "exploitabilityScore": 3.9,
              "impactScore": 2.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-2673",
            "epss": 0.00049,
            "percentile": 0.15843,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-2673",
            "cwe": "CWE-757",
            "source": "openssl-security@openssl.org",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "wont-fix"
        },
        "advisories": [],
        "risk": 0.028175
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-2673",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2673",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f",
            "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34",
            "https://openssl-library.org/news/secadv/20260313.txt",
            "http://www.openwall.com/lists/oss-security/2026/03/13/3",
            "https://cert-portal.siemens.com/productcert/html/ssa-032379.html"
          ],
          "description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers.  
The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security.  Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
              "metrics": {
                "baseScore": 6.5,
                "exploitabilityScore": 3.9,
                "impactScore": 2.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-2673",
              "epss": 0.00049,
              "percentile": 0.15843,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-2673",
              "cwe": "CWE-757",
              "source": "openssl-security@openssl.org",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "openssl",
              "version": "3.5.5-4.el10_2"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-2673",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "a04fa80016994e00",
        "name": "openssl-libs",
        "version": "1:3.5.5-4.el10_2",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "Apache-2.0"
        ],
        "cpes": [
          "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.5-4.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.5-4.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.5-4.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.5-4.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.5-4.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.5-4.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.5-4.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.5-4.el10_2:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/openssl-libs@3.5.5-4.el10_2?arch=x86_64&distro=rhel-10.2&epoch=1&upstream=openssl-3.5.5-4.el10_2.src.rpm",
        "upstreams": [
          {
            "name": "openssl",
            "version": "3.5.5-4.el10_2"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": 1,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-5435",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-5435",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in glibc, the GNU C Library. Specifically, deprecated functions responsible for printing TSIG (Transaction Signature) records fail to properly manage memory buffers. This oversight can lead to an out-of-bounds write when processing specially crafted TSIG records. An attacker could exploit this to cause a denial of service or potentially execute arbitrary code.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:H",
            "metrics": {
              "baseScore": 5.9,
              "exploitabilityScore": 1.7,
              "impactScore": 4.3
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-5435",
            "epss": 0.00049,
            "percentile": 0.15903,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-5435",
            "cwe": "CWE-787",
            "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.026705
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-5435",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-5435",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://inbox.sourceware.org/libc-announce/7a655d55-276f-41fe-b550-feb3ebb2ce91@redhat.com/T/#u",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=34033"
          ],
          "description": "The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to enforce the caller-supplied buffer length, and can result in an out-of-bounds write when printing TSIG records.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
              "metrics": {
                "baseScore": 7.3,
                "exploitabilityScore": 3.9,
                "impactScore": 3.4
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-5435",
              "epss": 0.00049,
              "percentile": 0.15903,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-5435",
              "cwe": "CWE-787",
              "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "glibc",
              "version": "0:2.39-124.el10_2"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-5435",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "6aefa28baec674b1",
        "name": "glibc",
        "version": "2.39-124.el10_2",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "LGPL-2.1-or-later AND SunPro AND LGPL-2.1-or-later WITH GCC-exception-2.0 AND BSD-3-Clause AND GPL-2.0-or-later AND LGPL-2.1-or-later WITH GNU-compiler-exception AND GPL-2.0-only AND ISC AND LicenseRef-Fedora-Public-Domain AND HPND AND CMU-Mach AND LGPL-2.1-only AND LGPL-2.0-or-later AND Unicode-DFS-2015 AND GFDL-1.1-or-later AND GPL-1.0-or-later AND FSFUL AND MIT AND Inner-Net-2.0 AND X11 AND GPL-2.0-or-later WITH GCC-exception-2.0 AND GFDL-1.3-only AND GFDL-1.1-only AND GPL-3.0-or-later AND GPL-3.0-or-later WITH Autoconf-exception-generic-3.0 AND GPL-3.0-or-later WITH Texinfo-exception"
        ],
        "cpes": [
          "cpe:2.3:a:redhat:glibc:2.39-124.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc:glibc:2.39-124.el10_2:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/glibc@2.39-124.el10_2?arch=x86_64&distro=rhel-10.2&upstream=glibc-2.39-124.el10_2.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-5435",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-5435",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in glibc, the GNU C Library. Specifically, deprecated functions responsible for printing TSIG (Transaction Signature) records fail to properly manage memory buffers. This oversight can lead to an out-of-bounds write when processing specially crafted TSIG records. An attacker could exploit this to cause a denial of service or potentially execute arbitrary code.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:H",
            "metrics": {
              "baseScore": 5.9,
              "exploitabilityScore": 1.7,
              "impactScore": 4.3
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-5435",
            "epss": 0.00049,
            "percentile": 0.15903,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-5435",
            "cwe": "CWE-787",
            "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.026705
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-5435",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-5435",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://inbox.sourceware.org/libc-announce/7a655d55-276f-41fe-b550-feb3ebb2ce91@redhat.com/T/#u",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=34033"
          ],
          "description": "The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to enforce the caller-supplied buffer length, and can result in an out-of-bounds write when printing TSIG records.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
              "metrics": {
                "baseScore": 7.3,
                "exploitabilityScore": 3.9,
                "impactScore": 3.4
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-5435",
              "epss": 0.00049,
              "percentile": 0.15903,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-5435",
              "cwe": "CWE-787",
              "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "glibc",
              "version": "2.39-124.el10_2"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-5435",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "5862acc01b536b65",
        "name": "glibc-common",
        "version": "2.39-124.el10_2",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "LGPL-2.1-or-later AND SunPro AND LGPL-2.1-or-later WITH GCC-exception-2.0 AND BSD-3-Clause AND GPL-2.0-or-later AND LGPL-2.1-or-later WITH GNU-compiler-exception AND GPL-2.0-only AND ISC AND LicenseRef-Fedora-Public-Domain AND HPND AND CMU-Mach AND LGPL-2.1-only AND LGPL-2.0-or-later AND Unicode-DFS-2015 AND GFDL-1.1-or-later AND GPL-1.0-or-later AND FSFUL AND MIT AND Inner-Net-2.0 AND X11 AND GPL-2.0-or-later WITH GCC-exception-2.0 AND GFDL-1.3-only AND GFDL-1.1-only AND GPL-3.0-or-later AND GPL-3.0-or-later WITH Autoconf-exception-generic-3.0 AND GPL-3.0-or-later WITH Texinfo-exception"
        ],
        "cpes": [
          "cpe:2.3:a:glibc-common:glibc-common:2.39-124.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc-common:glibc_common:2.39-124.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc_common:glibc-common:2.39-124.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc_common:glibc_common:2.39-124.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:glibc-common:2.39-124.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:glibc_common:2.39-124.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc:glibc-common:2.39-124.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc:glibc_common:2.39-124.el10_2:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/glibc-common@2.39-124.el10_2?arch=x86_64&distro=rhel-10.2&upstream=glibc-2.39-124.el10_2.src.rpm",
        "upstreams": [
          {
            "name": "glibc",
            "version": "2.39-124.el10_2"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-5435",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-5435",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in glibc, the GNU C Library. Specifically, deprecated functions responsible for printing TSIG (Transaction Signature) records fail to properly manage memory buffers. This oversight can lead to an out-of-bounds write when processing specially crafted TSIG records. An attacker could exploit this to cause a denial of service or potentially execute arbitrary code.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:H",
            "metrics": {
              "baseScore": 5.9,
              "exploitabilityScore": 1.7,
              "impactScore": 4.3
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-5435",
            "epss": 0.00049,
            "percentile": 0.15903,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-5435",
            "cwe": "CWE-787",
            "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.026705
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-5435",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-5435",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://inbox.sourceware.org/libc-announce/7a655d55-276f-41fe-b550-feb3ebb2ce91@redhat.com/T/#u",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=34033"
          ],
          "description": "The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to enforce the caller-supplied buffer length, and can result in an out-of-bounds write when printing TSIG records.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
              "metrics": {
                "baseScore": 7.3,
                "exploitabilityScore": 3.9,
                "impactScore": 3.4
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-5435",
              "epss": 0.00049,
              "percentile": 0.15903,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-5435",
              "cwe": "CWE-787",
              "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "glibc",
              "version": "2.39-124.el10_2"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-5435",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "3580b4e8bea9e378",
        "name": "glibc-minimal-langpack",
        "version": "2.39-124.el10_2",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "LGPL-2.1-or-later AND SunPro AND LGPL-2.1-or-later WITH GCC-exception-2.0 AND BSD-3-Clause AND GPL-2.0-or-later AND LGPL-2.1-or-later WITH GNU-compiler-exception AND GPL-2.0-only AND ISC AND LicenseRef-Fedora-Public-Domain AND HPND AND CMU-Mach AND LGPL-2.1-only AND LGPL-2.0-or-later AND Unicode-DFS-2015 AND GFDL-1.1-or-later AND GPL-1.0-or-later AND FSFUL AND MIT AND Inner-Net-2.0 AND X11 AND GPL-2.0-or-later WITH GCC-exception-2.0 AND GFDL-1.3-only AND GFDL-1.1-only AND GPL-3.0-or-later AND GPL-3.0-or-later WITH Autoconf-exception-generic-3.0 AND GPL-3.0-or-later WITH Texinfo-exception"
        ],
        "cpes": [
          "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.39-124.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.39-124.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.39-124.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.39-124.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.39-124.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.39-124.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.39-124.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.39-124.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:glibc-minimal-langpack:2.39-124.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:glibc_minimal_langpack:2.39-124.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc:glibc-minimal-langpack:2.39-124.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc:glibc_minimal_langpack:2.39-124.el10_2:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.39-124.el10_2?arch=x86_64&distro=rhel-10.2&upstream=glibc-2.39-124.el10_2.src.rpm",
        "upstreams": [
          {
            "name": "glibc",
            "version": "2.39-124.el10_2"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-6732",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-6732",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafted XML Schema Definition (XSD) validated document that includes an internal entity reference. An attacker could exploit this by providing a malicious document, leading to a type confusion error that causes the application to crash. This results in a denial of service (DoS), making the affected system or application unavailable.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 6.5,
              "exploitabilityScore": 2.9,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-6732",
            "epss": 0.00045,
            "percentile": 0.14426,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-6732",
            "cwe": "CWE-843",
            "source": "secalert@redhat.com",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.025875
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-6732",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-6732",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://access.redhat.com/errata/RHSA-2026:11503",
            "https://access.redhat.com/security/cve/CVE-2026-6732",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2461300",
            "https://gitlab.gnome.org/GNOME/libxml2/-/issues/1097",
            "https://gitlab.gnome.org/GNOME/libxml2/-/merge_requests/411"
          ],
          "description": "A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafted XML Schema Definition (XSD) validated document that includes an internal entity reference. An attacker could exploit this by providing a malicious document, leading to a type confusion error that causes the application to crash. This results in a denial of service (DoS), making the affected system or application unavailable.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "secalert@redhat.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 6.5,
                "exploitabilityScore": 2.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-6732",
              "epss": 0.00045,
              "percentile": 0.14426,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-6732",
              "cwe": "CWE-843",
              "source": "secalert@redhat.com",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "libxml2",
              "version": "0:2.12.5-10.el10"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-6732",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "fd8a4e4169e6e582",
        "name": "libxml2",
        "version": "2.12.5-10.el10",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "MIT AND ISC-Veillard AND W3C"
        ],
        "cpes": [
          "cpe:2.3:a:libxml2:libxml2:2.12.5-10.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libxml2:2.12.5-10.el10:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/libxml2@2.12.5-10.el10?arch=x86_64&distro=rhel-10.2&upstream=libxml2-2.12.5-10.el10.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-28388",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-28388",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was found in OpenSSL. When processing a malformed delta Certificate Revocation List (CRL) that lacks a required CRL Number extension, a NULL pointer dereference can occur. This vulnerability can be exploited by a remote attacker who provides a specially crafted delta CRL to an application that has delta CRL processing enabled, leading to a Denial of Service (DoS) for the application.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 5.9,
              "exploitabilityScore": 2.3,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-28388",
            "epss": 0.00058,
            "percentile": 0.18597,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-28388",
            "cwe": "CWE-476",
            "source": "openssl-security@openssl.org",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.025810000000000003
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-28388",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-28388",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://github.com/openssl/openssl/commit/59c3b3158553ab53275bbbccca5cb305d591cf2e",
            "https://github.com/openssl/openssl/commit/5a0b4930779cd2408880979db765db919da55139",
            "https://github.com/openssl/openssl/commit/602542f2c0c2d5edb47128f93eac10b62aeeefb3",
            "https://github.com/openssl/openssl/commit/a9d187dd1000130100fa7ab915f8513532cb3bb8",
            "https://github.com/openssl/openssl/commit/d3a901e8d9f021f3e67d6cfbc12e768129862726",
            "https://openssl-library.org/news/secadv/20260407.txt",
            "https://cert-portal.siemens.com/productcert/html/ssa-032379.html",
            "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
          ],
          "description": "Issue summary: When a delta CRL that contains a Delta CRL Indicator extension\nis processed a NULL pointer dereference might happen if the required CRL\nNumber extension is missing.\n\nImpact summary: A NULL pointer dereference can trigger a crash which\nleads to a Denial of Service for an application.\n\nWhen CRL processing and delta CRL processing is enabled during X.509\ncertificate verification, the delta CRL processing does not check\nwhether the CRL Number extension is NULL before dereferencing it.\nWhen a malformed delta CRL file is being processed, this parameter\ncan be NULL, causing a NULL pointer dereference.\n\nExploiting this issue requires the X509_V_FLAG_USE_DELTAS flag to be enabled in\nthe verification context, the certificate being verified to contain a\nfreshestCRL extension or the base CRL to have the EXFLAG_FRESHEST flag set, and\nan attacker to provide a malformed CRL to an application that processes it.\n\nThe vulnerability is limited to Denial of Service and cannot be escalated to\nachieve code execution or memory disclosure. For that reason the issue was\nassessed as Low severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the affected code is outside the OpenSSL FIPS module boundary.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-28388",
              "epss": 0.00058,
              "percentile": 0.18597,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-28388",
              "cwe": "CWE-476",
              "source": "openssl-security@openssl.org",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "openssl",
              "version": "1:3.5.5-4.el10_2"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-28388",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "f614b5caa1deba16",
        "name": "openssl",
        "version": "1:3.5.5-4.el10_2",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "Apache-2.0"
        ],
        "cpes": [
          "cpe:2.3:a:openssl:openssl:1\\:3.5.5-4.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:openssl:1\\:3.5.5-4.el10_2:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/openssl@3.5.5-4.el10_2?arch=x86_64&distro=rhel-10.2&epoch=1&upstream=openssl-3.5.5-4.el10_2.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": 1,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-28388",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-28388",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was found in OpenSSL. When processing a malformed delta Certificate Revocation List (CRL) that lacks a required CRL Number extension, a NULL pointer dereference can occur. This vulnerability can be exploited by a remote attacker who provides a specially crafted delta CRL to an application that has delta CRL processing enabled, leading to a Denial of Service (DoS) for the application.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 5.9,
              "exploitabilityScore": 2.3,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-28388",
            "epss": 0.00058,
            "percentile": 0.18597,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-28388",
            "cwe": "CWE-476",
            "source": "openssl-security@openssl.org",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.025810000000000003
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-28388",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-28388",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://github.com/openssl/openssl/commit/59c3b3158553ab53275bbbccca5cb305d591cf2e",
            "https://github.com/openssl/openssl/commit/5a0b4930779cd2408880979db765db919da55139",
            "https://github.com/openssl/openssl/commit/602542f2c0c2d5edb47128f93eac10b62aeeefb3",
            "https://github.com/openssl/openssl/commit/a9d187dd1000130100fa7ab915f8513532cb3bb8",
            "https://github.com/openssl/openssl/commit/d3a901e8d9f021f3e67d6cfbc12e768129862726",
            "https://openssl-library.org/news/secadv/20260407.txt",
            "https://cert-portal.siemens.com/productcert/html/ssa-032379.html",
            "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
          ],
          "description": "Issue summary: When a delta CRL that contains a Delta CRL Indicator extension\nis processed a NULL pointer dereference might happen if the required CRL\nNumber extension is missing.\n\nImpact summary: A NULL pointer dereference can trigger a crash which\nleads to a Denial of Service for an application.\n\nWhen CRL processing and delta CRL processing is enabled during X.509\ncertificate verification, the delta CRL processing does not check\nwhether the CRL Number extension is NULL before dereferencing it.\nWhen a malformed delta CRL file is being processed, this parameter\ncan be NULL, causing a NULL pointer dereference.\n\nExploiting this issue requires the X509_V_FLAG_USE_DELTAS flag to be enabled in\nthe verification context, the certificate being verified to contain a\nfreshestCRL extension or the base CRL to have the EXFLAG_FRESHEST flag set, and\nan attacker to provide a malformed CRL to an application that processes it.\n\nThe vulnerability is limited to Denial of Service and cannot be escalated to\nachieve code execution or memory disclosure. For that reason the issue was\nassessed as Low severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the affected code is outside the OpenSSL FIPS module boundary.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-28388",
              "epss": 0.00058,
              "percentile": 0.18597,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-28388",
              "cwe": "CWE-476",
              "source": "openssl-security@openssl.org",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "openssl",
              "version": "3.5.5-4.el10_2"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-28388",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "a04fa80016994e00",
        "name": "openssl-libs",
        "version": "1:3.5.5-4.el10_2",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "Apache-2.0"
        ],
        "cpes": [
          "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.5-4.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.5-4.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.5-4.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.5-4.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.5-4.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.5-4.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.5-4.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.5-4.el10_2:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/openssl-libs@3.5.5-4.el10_2?arch=x86_64&distro=rhel-10.2&epoch=1&upstream=openssl-3.5.5-4.el10_2.src.rpm",
        "upstreams": [
          {
            "name": "openssl",
            "version": "3.5.5-4.el10_2"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": 1,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-7039",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "metrics": {
              "baseScore": 3.7,
              "exploitabilityScore": 2.3,
              "impactScore": 1.5
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-7039",
            "epss": 0.00074,
            "percentile": 0.22604,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-7039",
            "cwe": "CWE-22",
            "source": "secalert@redhat.com",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.024789999999999996
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-7039",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039",
          "namespace": "nvd:cpe",
          "severity": "Low",
          "urls": [
            "https://access.redhat.com/security/cve/CVE-2025-7039",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2392423",
            "https://cert-portal.siemens.com/productcert/html/ssa-253495.html"
          ],
          "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.",
          "cvss": [
            {
              "source": "secalert@redhat.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
              "metrics": {
                "baseScore": 3.7,
                "exploitabilityScore": 2.3,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-7039",
              "epss": 0.00074,
              "percentile": 0.22604,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-7039",
              "cwe": "CWE-22",
              "source": "secalert@redhat.com",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "glib2",
              "version": "0:2.80.4-12.el10_2.13"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-7039",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "37bb1f6df7e16bb3",
        "name": "glib2",
        "version": "2.80.4-12.el10_2.13",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "LGPL-2.1-or-later"
        ],
        "cpes": [
          "cpe:2.3:a:redhat:glib2:2.80.4-12.el10_2.13:*:*:*:*:*:*:*",
          "cpe:2.3:a:glib2:glib2:2.80.4-12.el10_2.13:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/glib2@2.80.4-12.el10_2.13?arch=x86_64&distro=rhel-10.2&upstream=glib2-2.80.4-12.el10_2.13.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-15224",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15224",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was found in libcurl. When doing SSH-based transfers using either SCP or SFTP, and asked to do\npublic key authentication, curl would wrongly still ask and authenticate using\na locally running SSH agent.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "metrics": {
              "baseScore": 4.7,
              "exploitabilityScore": 1.1,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-15224",
            "epss": 0.00064,
            "percentile": 0.20389,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-15224",
            "cwe": "CWE-287",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.024640000000000002
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-15224",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15224",
          "namespace": "nvd:cpe",
          "severity": "Low",
          "urls": [
            "https://curl.se/docs/CVE-2025-15224.html",
            "https://curl.se/docs/CVE-2025-15224.json",
            "https://hackerone.com/reports/3480925",
            "http://www.openwall.com/lists/oss-security/2026/01/07/7"
          ],
          "description": "When doing SSH-based transfers using either SCP or SFTP, and asked to do\npublic key authentication, curl would wrongly still ask and authenticate using\na locally running SSH agent.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
              "metrics": {
                "baseScore": 3.1,
                "exploitabilityScore": 1.7,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-15224",
              "epss": 0.00064,
              "percentile": 0.20389,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-15224",
              "cwe": "CWE-287",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "curl",
              "version": "0:8.12.1-4.el10"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-15224",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "134f672de8a7541b",
        "name": "curl",
        "version": "8.12.1-4.el10",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "curl"
        ],
        "cpes": [
          "cpe:2.3:a:redhat:curl:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:curl:curl:8.12.1-4.el10:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/curl@8.12.1-4.el10?arch=x86_64&distro=rhel-10.2&upstream=curl-8.12.1-4.el10.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-15224",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15224",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was found in libcurl. When doing SSH-based transfers using either SCP or SFTP, and asked to do\npublic key authentication, curl would wrongly still ask and authenticate using\na locally running SSH agent.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "metrics": {
              "baseScore": 4.7,
              "exploitabilityScore": 1.1,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-15224",
            "epss": 0.00064,
            "percentile": 0.20389,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-15224",
            "cwe": "CWE-287",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.024640000000000002
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-15224",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15224",
          "namespace": "nvd:cpe",
          "severity": "Low",
          "urls": [
            "https://curl.se/docs/CVE-2025-15224.html",
            "https://curl.se/docs/CVE-2025-15224.json",
            "https://hackerone.com/reports/3480925",
            "http://www.openwall.com/lists/oss-security/2026/01/07/7"
          ],
          "description": "When doing SSH-based transfers using either SCP or SFTP, and asked to do\npublic key authentication, curl would wrongly still ask and authenticate using\na locally running SSH agent.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
              "metrics": {
                "baseScore": 3.1,
                "exploitabilityScore": 1.7,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-15224",
              "epss": 0.00064,
              "percentile": 0.20389,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-15224",
              "cwe": "CWE-287",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "curl",
              "version": "8.12.1-4.el10"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-15224",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "e0443590b9f5633b",
        "name": "libcurl-minimal",
        "version": "8.12.1-4.el10",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "curl"
        ],
        "cpes": [
          "cpe:2.3:a:libcurl-minimal:libcurl-minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl-minimal:libcurl_minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl_minimal:libcurl-minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl_minimal:libcurl_minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl:libcurl-minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl:libcurl_minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libcurl-minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libcurl_minimal:8.12.1-4.el10:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/libcurl-minimal@8.12.1-4.el10?arch=x86_64&distro=rhel-10.2&upstream=curl-8.12.1-4.el10.src.rpm",
        "upstreams": [
          {
            "name": "curl",
            "version": "8.12.1-4.el10"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2024-58261",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2024-58261",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was found in sequoia-openpgp. Processing RawCertParser operations with unsupported primary key types triggers an infinite loop of error messages. This flaw allows a local attacker to provide a specially crafted certificate file, resulting in a denial of service due to resource exhaustion.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "metrics": {
              "baseScore": 2.9,
              "exploitabilityScore": 1.5,
              "impactScore": 1.5
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2024-58261",
            "epss": 0.00083,
            "percentile": 0.24441,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2024-58261",
            "cwe": "CWE-835",
            "source": "cve@mitre.org",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.024485
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2024-58261",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-58261",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://crates.io/crates/sequoia-openpgp",
            "https://gitlab.com/sequoia-pgp/sequoia/-/issues/1106",
            "https://rustsec.org/advisories/RUSTSEC-2024-0345.html"
          ],
          "description": "The sequoia-openpgp crate 1.13.0 before 1.21.0 for Rust allows an infinite loop of \"Reading a cert: Invalid operation: Not a Key packet\" messages for RawCertParser operations that encounter an unsupported primary key type.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "cve@mitre.org",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
              "metrics": {
                "baseScore": 2.9,
                "exploitabilityScore": 1.5,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2024-58261",
              "epss": 0.00083,
              "percentile": 0.24441,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2024-58261",
              "cwe": "CWE-835",
              "source": "cve@mitre.org",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "rust-rpm-sequoia",
              "version": "1.10.1.1-2.el10"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2024-58261",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "145d1c4db64e86b8",
        "name": "rpm-sequoia",
        "version": "1.10.1.1-2.el10",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "LGPL-2.0-or-later AND Apache-2.0 AND BSL-1.0 AND MIT AND Unicode-DFS-2016 AND (Apache-2.0 OR MIT) AND (MIT OR Apache-2.0 OR Zlib) AND (Unlicense OR MIT)"
        ],
        "cpes": [
          "cpe:2.3:a:rpm-sequoia:rpm-sequoia:1.10.1.1-2.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:rpm-sequoia:rpm_sequoia:1.10.1.1-2.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:rpm_sequoia:rpm-sequoia:1.10.1.1-2.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:rpm_sequoia:rpm_sequoia:1.10.1.1-2.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:rpm-sequoia:1.10.1.1-2.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:rpm_sequoia:1.10.1.1-2.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:rpm:rpm-sequoia:1.10.1.1-2.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:rpm:rpm_sequoia:1.10.1.1-2.el10:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/rpm-sequoia@1.10.1.1-2.el10?arch=x86_64&distro=rhel-10.2&upstream=rust-rpm-sequoia-1.10.1.1-2.el10.src.rpm",
        "upstreams": [
          {
            "name": "rust-rpm-sequoia",
            "version": "1.10.1.1-2.el10"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-31790",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-31790",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in openssl. Applications that use RSASVE key encapsulation, a method for securely exchanging encryption keys, may inadvertently expose sensitive data. This vulnerability arises when an application processes a malicious, invalid RSA public key provided by an attacker without proper validation. Consequently, the application might send the contents of an uninitialized memory buffer, which could contain confidential information, to the attacker.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "metrics": {
              "baseScore": 5.9,
              "exploitabilityScore": 2.3,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-31790",
            "epss": 0.00044,
            "percentile": 0.13904,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-31790",
            "cwe": "CWE-754",
            "source": "openssl-security@openssl.org",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.02398
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-31790",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-31790",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://github.com/openssl/openssl/commit/001e01db3e996e13ffc72386fe79d03a6683b5ac",
            "https://github.com/openssl/openssl/commit/abd8b2eec7e3f3fda60ecfb68498b246b52af482",
            "https://github.com/openssl/openssl/commit/b922e24e5b23ffb9cb9e14cadff23d91e9f7e406",
            "https://github.com/openssl/openssl/commit/d5f8e71cd0a54e961d0c3b174348f8308486f790",
            "https://github.com/openssl/openssl/commit/eed200f58cd8645ed77e46b7e9f764e284df379e",
            "https://openssl-library.org/news/secadv/20260407.txt",
            "https://cert-portal.siemens.com/productcert/html/ssa-032379.html"
          ],
          "description": "Issue summary: Applications using RSASVE key encapsulation to establish\na secret encryption key can send contents of an uninitialized memory buffer to\na malicious peer.\n\nImpact summary: The uninitialized buffer might contain sensitive data from the\nprevious execution of the application process which leads to sensitive data\nleakage to an attacker.\n\nRSA_public_encrypt() returns the number of bytes written on success and -1\non error. The affected code tests only whether the return value is non-zero.\nAs a result, if RSA encryption fails, encapsulation can still return success to\nthe caller, set the output lengths, and leave the caller to use the contents of\nthe ciphertext buffer as if a valid KEM ciphertext had been produced.\n\nIf applications use EVP_PKEY_encapsulate() with RSA/RSASVE on an\nattacker-supplied invalid RSA public key without first validating that key,\nthen this may cause stale or uninitialized contents of the caller-provided\nciphertext buffer to be disclosed to the attacker in place of the KEM\nciphertext.\n\nAs a workaround calling EVP_PKEY_public_check() or\nEVP_PKEY_public_check_quick() before EVP_PKEY_encapsulate() will mitigate\nthe issue.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.1 and 3.0 are affected by this issue.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-31790",
              "epss": 0.00044,
              "percentile": 0.13904,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-31790",
              "cwe": "CWE-754",
              "source": "openssl-security@openssl.org",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "openssl-fips-provider",
              "version": "0:3.0.7-8.el10"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-31790",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "9284baa8071a18be",
        "name": "openssl-fips-provider",
        "version": "3.0.7-8.el10",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "ASL 2.0"
        ],
        "cpes": [
          "cpe:2.3:a:openssl-fips-provider:openssl-fips-provider:3.0.7-8.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl-fips-provider:openssl_fips_provider:3.0.7-8.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl_fips_provider:openssl-fips-provider:3.0.7-8.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl_fips_provider:openssl_fips_provider:3.0.7-8.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl-fips:openssl-fips-provider:3.0.7-8.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl-fips:openssl_fips_provider:3.0.7-8.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl_fips:openssl-fips-provider:3.0.7-8.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl_fips:openssl_fips_provider:3.0.7-8.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl:openssl-fips-provider:3.0.7-8.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl:openssl_fips_provider:3.0.7-8.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:openssl-fips-provider:3.0.7-8.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:openssl_fips_provider:3.0.7-8.el10:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/openssl-fips-provider@3.0.7-8.el10?arch=x86_64&distro=rhel-10.2&upstream=openssl-fips-provider-3.0.7-8.el10.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-31790",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-31790",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in openssl. Applications that use RSASVE key encapsulation, a method for securely exchanging encryption keys, may inadvertently expose sensitive data. This vulnerability arises when an application processes a malicious, invalid RSA public key provided by an attacker without proper validation. Consequently, the application might send the contents of an uninitialized memory buffer, which could contain confidential information, to the attacker.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "metrics": {
              "baseScore": 5.9,
              "exploitabilityScore": 2.3,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-31790",
            "epss": 0.00044,
            "percentile": 0.13904,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-31790",
            "cwe": "CWE-754",
            "source": "openssl-security@openssl.org",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.02398
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-31790",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-31790",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://github.com/openssl/openssl/commit/001e01db3e996e13ffc72386fe79d03a6683b5ac",
            "https://github.com/openssl/openssl/commit/abd8b2eec7e3f3fda60ecfb68498b246b52af482",
            "https://github.com/openssl/openssl/commit/b922e24e5b23ffb9cb9e14cadff23d91e9f7e406",
            "https://github.com/openssl/openssl/commit/d5f8e71cd0a54e961d0c3b174348f8308486f790",
            "https://github.com/openssl/openssl/commit/eed200f58cd8645ed77e46b7e9f764e284df379e",
            "https://openssl-library.org/news/secadv/20260407.txt",
            "https://cert-portal.siemens.com/productcert/html/ssa-032379.html"
          ],
          "description": "Issue summary: Applications using RSASVE key encapsulation to establish\na secret encryption key can send contents of an uninitialized memory buffer to\na malicious peer.\n\nImpact summary: The uninitialized buffer might contain sensitive data from the\nprevious execution of the application process which leads to sensitive data\nleakage to an attacker.\n\nRSA_public_encrypt() returns the number of bytes written on success and -1\non error. The affected code tests only whether the return value is non-zero.\nAs a result, if RSA encryption fails, encapsulation can still return success to\nthe caller, set the output lengths, and leave the caller to use the contents of\nthe ciphertext buffer as if a valid KEM ciphertext had been produced.\n\nIf applications use EVP_PKEY_encapsulate() with RSA/RSASVE on an\nattacker-supplied invalid RSA public key without first validating that key,\nthen this may cause stale or uninitialized contents of the caller-provided\nciphertext buffer to be disclosed to the attacker in place of the KEM\nciphertext.\n\nAs a workaround calling EVP_PKEY_public_check() or\nEVP_PKEY_public_check_quick() before EVP_PKEY_encapsulate() will mitigate\nthe issue.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.1 and 3.0 are affected by this issue.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-31790",
              "epss": 0.00044,
              "percentile": 0.13904,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-31790",
              "cwe": "CWE-754",
              "source": "openssl-security@openssl.org",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "openssl-fips-provider",
              "version": "3.0.7-8.el10"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-31790",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "6641b6a938bf5845",
        "name": "openssl-fips-provider-so",
        "version": "3.0.7-8.el10",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "ASL 2.0"
        ],
        "cpes": [
          "cpe:2.3:a:openssl-fips-provider-so:openssl-fips-provider-so:3.0.7-8.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl-fips-provider-so:openssl_fips_provider_so:3.0.7-8.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl_fips_provider_so:openssl-fips-provider-so:3.0.7-8.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl_fips_provider_so:openssl_fips_provider_so:3.0.7-8.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl-fips-provider:openssl-fips-provider-so:3.0.7-8.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl-fips-provider:openssl_fips_provider_so:3.0.7-8.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl_fips_provider:openssl-fips-provider-so:3.0.7-8.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl_fips_provider:openssl_fips_provider_so:3.0.7-8.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl-fips:openssl-fips-provider-so:3.0.7-8.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl-fips:openssl_fips_provider_so:3.0.7-8.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl_fips:openssl-fips-provider-so:3.0.7-8.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl_fips:openssl_fips_provider_so:3.0.7-8.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl:openssl-fips-provider-so:3.0.7-8.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl:openssl_fips_provider_so:3.0.7-8.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:openssl-fips-provider-so:3.0.7-8.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:openssl_fips_provider_so:3.0.7-8.el10:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/openssl-fips-provider-so@3.0.7-8.el10?arch=x86_64&distro=rhel-10.2&upstream=openssl-fips-provider-3.0.7-8.el10.src.rpm",
        "upstreams": [
          {
            "name": "openssl-fips-provider",
            "version": "3.0.7-8.el10"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-5545",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-5545",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in libcurl. An application using libcurl that performs an authenticated HTTP(S) request after a Negotiate-authenticated one to the same host may incorrectly reuse the previous connection. This authentication bypass vulnerability allows the second request to be sent over a connection authenticated with different credentials, potentially leading to unauthorized access or information disclosure.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "metrics": {
              "baseScore": 6.5,
              "exploitabilityScore": 2.9,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-5545",
            "epss": 0.00039,
            "percentile": 0.12223,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-5545",
            "cwe": "CWE-613",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.022424999999999997
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-5545",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-5545",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://curl.se/docs/CVE-2026-5545.html",
            "https://curl.se/docs/CVE-2026-5545.json",
            "https://hackerone.com/reports/3642555"
          ],
          "description": "libcurl might in some circumstances reuse the wrong connection when asked to\ndo an authenticated HTTP(S) request after a Negotiate-authenticated one, when\nboth use the same host.\n\nlibcurl features a pool of recent connections so that subsequent requests can\nreuse an existing connection to avoid overhead.\n\nWhen reusing a connection a range of criteria must be met. Due to a logical\nerror in the code, a request that was issued by an application could\nwrongfully reuse an existing connection to the same server that was\nauthenticated using different credentials.\n\nAn application that first uses Negotiate authentication to a server with\n`user1:password1` and then does another operation to the same server asking\nfor any authentication method but for `user2:password2` (while the previous\nconnection is still alive) - the second request gets confused and wrongly\nreuses the same connection and sends the new request over that connection\nthinking it uses a mix of user1's and user2's credentials when it is in fact\nstill using the connection authenticated for user1...",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N",
              "metrics": {
                "baseScore": 6.5,
                "exploitabilityScore": 2.3,
                "impactScore": 4.3
              },
              "vendorMetadata": {}
            },
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N",
              "metrics": {
                "baseScore": 6.5,
                "exploitabilityScore": 2.3,
                "impactScore": 4.3
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-5545",
              "epss": 0.00039,
              "percentile": 0.12223,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-5545",
              "cwe": "CWE-613",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "curl",
              "version": "0:8.12.1-4.el10"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-5545",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "134f672de8a7541b",
        "name": "curl",
        "version": "8.12.1-4.el10",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "curl"
        ],
        "cpes": [
          "cpe:2.3:a:redhat:curl:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:curl:curl:8.12.1-4.el10:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/curl@8.12.1-4.el10?arch=x86_64&distro=rhel-10.2&upstream=curl-8.12.1-4.el10.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-5545",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-5545",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in libcurl. An application using libcurl that performs an authenticated HTTP(S) request after a Negotiate-authenticated one to the same host may incorrectly reuse the previous connection. This authentication bypass vulnerability allows the second request to be sent over a connection authenticated with different credentials, potentially leading to unauthorized access or information disclosure.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "metrics": {
              "baseScore": 6.5,
              "exploitabilityScore": 2.9,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-5545",
            "epss": 0.00039,
            "percentile": 0.12223,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-5545",
            "cwe": "CWE-613",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.022424999999999997
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-5545",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-5545",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://curl.se/docs/CVE-2026-5545.html",
            "https://curl.se/docs/CVE-2026-5545.json",
            "https://hackerone.com/reports/3642555"
          ],
          "description": "libcurl might in some circumstances reuse the wrong connection when asked to\ndo an authenticated HTTP(S) request after a Negotiate-authenticated one, when\nboth use the same host.\n\nlibcurl features a pool of recent connections so that subsequent requests can\nreuse an existing connection to avoid overhead.\n\nWhen reusing a connection a range of criteria must be met. Due to a logical\nerror in the code, a request that was issued by an application could\nwrongfully reuse an existing connection to the same server that was\nauthenticated using different credentials.\n\nAn application that first uses Negotiate authentication to a server with\n`user1:password1` and then does another operation to the same server asking\nfor any authentication method but for `user2:password2` (while the previous\nconnection is still alive) - the second request gets confused and wrongly\nreuses the same connection and sends the new request over that connection\nthinking it uses a mix of user1's and user2's credentials when it is in fact\nstill using the connection authenticated for user1...",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N",
              "metrics": {
                "baseScore": 6.5,
                "exploitabilityScore": 2.3,
                "impactScore": 4.3
              },
              "vendorMetadata": {}
            },
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N",
              "metrics": {
                "baseScore": 6.5,
                "exploitabilityScore": 2.3,
                "impactScore": 4.3
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-5545",
              "epss": 0.00039,
              "percentile": 0.12223,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-5545",
              "cwe": "CWE-613",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "curl",
              "version": "8.12.1-4.el10"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-5545",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "e0443590b9f5633b",
        "name": "libcurl-minimal",
        "version": "8.12.1-4.el10",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "curl"
        ],
        "cpes": [
          "cpe:2.3:a:libcurl-minimal:libcurl-minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl-minimal:libcurl_minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl_minimal:libcurl-minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl_minimal:libcurl_minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl:libcurl-minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl:libcurl_minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libcurl-minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libcurl_minimal:8.12.1-4.el10:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/libcurl-minimal@8.12.1-4.el10?arch=x86_64&distro=rhel-10.2&upstream=curl-8.12.1-4.el10.src.rpm",
        "upstreams": [
          {
            "name": "curl",
            "version": "8.12.1-4.el10"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-13151",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 5.9,
              "exploitabilityScore": 2.3,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-13151",
            "epss": 0.0005,
            "percentile": 0.16103,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-13151",
            "cwe": "CWE-787",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.022250000000000006
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-13151",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://gitlab.com/gnutls/libtasn1",
            "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121",
            "http://www.openwall.com/lists/oss-security/2026/01/08/5",
            "https://www.kb.cert.org/vuls/id/271649"
          ],
          "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-13151",
              "epss": 0.0005,
              "percentile": 0.16103,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-13151",
              "cwe": "CWE-787",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "libtasn1",
              "version": "0:4.20.0-1.el10"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-13151",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "2010fb1d4cbfee40",
        "name": "libtasn1",
        "version": "4.20.0-1.el10",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "GPL-3.0-or-later AND LGPL-2.1-or-later"
        ],
        "cpes": [
          "cpe:2.3:a:libtasn1:libtasn1:4.20.0-1.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libtasn1:4.20.0-1.el10:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/libtasn1@4.20.0-1.el10?arch=x86_64&distro=rhel-10.2&upstream=libtasn1-4.20.0-1.el10.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2024-28835",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2024-28835",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the \"certtool --verify-chain\" command.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 5,
              "exploitabilityScore": 1.4,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2024-28835",
            "epss": 0.00043,
            "percentile": 0.13738,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2024-28835",
            "cwe": "CWE-248",
            "source": "secalert@redhat.com",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.0215
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2024-28835",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-28835",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://access.redhat.com/errata/RHSA-2024:1879",
            "https://access.redhat.com/errata/RHSA-2024:2570",
            "https://access.redhat.com/errata/RHSA-2024:2889",
            "https://access.redhat.com/security/cve/CVE-2024-28835",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2269084",
            "https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html",
            "http://www.openwall.com/lists/oss-security/2024/03/22/1",
            "http://www.openwall.com/lists/oss-security/2024/03/22/2",
            "https://lists.debian.org/debian-lts-announce/2024/09/msg00019.html",
            "https://security.netapp.com/advisory/ntap-20241122-0009/"
          ],
          "description": "A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the \"certtool --verify-chain\" command.",
          "cvss": [
            {
              "source": "secalert@redhat.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 5,
                "exploitabilityScore": 1.4,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2024-28835",
              "epss": 0.00043,
              "percentile": 0.13738,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2024-28835",
              "cwe": "CWE-248",
              "source": "secalert@redhat.com",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "gnutls",
              "version": "0:3.8.10-4.el10_2"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2024-28835",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "960232d7862f3dc5",
        "name": "gnutls",
        "version": "3.8.10-4.el10_2",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "GPL-3.0-or-later AND LGPL-2.1-or-later"
        ],
        "cpes": [
          "cpe:2.3:a:gnutls:gnutls:3.8.10-4.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:gnutls:3.8.10-4.el10_2:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/gnutls@3.8.10-4.el10_2?arch=x86_64&distro=rhel-10.2&upstream=gnutls-3.8.10-4.el10_2.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-9232",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was found in the OpenSSL HTTP client API no_proxy handling. This vulnerability allows an application level denial of service (application crash) via an attacker-controlled IPv6 URL when the no_proxy environment variable is set.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "metrics": {
              "baseScore": 3.1,
              "exploitabilityScore": 1.7,
              "impactScore": 1.5
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-9232",
            "epss": 0.00069,
            "percentile": 0.21623,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-9232",
            "cwe": "CWE-125",
            "source": "openssl-security@openssl.org",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.021044999999999998
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-9232",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35",
            "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b",
            "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3",
            "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf",
            "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0",
            "https://openssl-library.org/news/secadv/20250930.txt",
            "http://www.openwall.com/lists/oss-security/2025/09/30/5",
            "https://cert-portal.siemens.com/productcert/html/ssa-032379.html",
            "https://cert-portal.siemens.com/productcert/html/ssa-082556.html",
            "https://cert-portal.siemens.com/productcert/html/ssa-089022.html",
            "https://cert-portal.siemens.com/productcert/html/ssa-253495.html",
            "https://cert-portal.siemens.com/productcert/html/ssa-485750.html"
          ],
          "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 5.9,
                "exploitabilityScore": 2.3,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-9232",
              "epss": 0.00069,
              "percentile": 0.21623,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-9232",
              "cwe": "CWE-125",
              "source": "openssl-security@openssl.org",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "openssl",
              "version": "1:3.5.5-4.el10_2"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-9232",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "f614b5caa1deba16",
        "name": "openssl",
        "version": "1:3.5.5-4.el10_2",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "Apache-2.0"
        ],
        "cpes": [
          "cpe:2.3:a:openssl:openssl:1\\:3.5.5-4.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:openssl:1\\:3.5.5-4.el10_2:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/openssl@3.5.5-4.el10_2?arch=x86_64&distro=rhel-10.2&epoch=1&upstream=openssl-3.5.5-4.el10_2.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": 1,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-9232",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was found in the OpenSSL HTTP client API no_proxy handling. This vulnerability allows an application level denial of service (application crash) via an attacker-controlled IPv6 URL when the no_proxy environment variable is set.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "metrics": {
              "baseScore": 3.1,
              "exploitabilityScore": 1.7,
              "impactScore": 1.5
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-9232",
            "epss": 0.00069,
            "percentile": 0.21623,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-9232",
            "cwe": "CWE-125",
            "source": "openssl-security@openssl.org",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.021044999999999998
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-9232",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35",
            "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b",
            "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3",
            "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf",
            "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0",
            "https://openssl-library.org/news/secadv/20250930.txt",
            "http://www.openwall.com/lists/oss-security/2025/09/30/5",
            "https://cert-portal.siemens.com/productcert/html/ssa-032379.html",
            "https://cert-portal.siemens.com/productcert/html/ssa-082556.html",
            "https://cert-portal.siemens.com/productcert/html/ssa-089022.html",
            "https://cert-portal.siemens.com/productcert/html/ssa-253495.html",
            "https://cert-portal.siemens.com/productcert/html/ssa-485750.html"
          ],
          "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 5.9,
                "exploitabilityScore": 2.3,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-9232",
              "epss": 0.00069,
              "percentile": 0.21623,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-9232",
              "cwe": "CWE-125",
              "source": "openssl-security@openssl.org",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "openssl",
              "version": "3.5.5-4.el10_2"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-9232",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "a04fa80016994e00",
        "name": "openssl-libs",
        "version": "1:3.5.5-4.el10_2",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "Apache-2.0"
        ],
        "cpes": [
          "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.5-4.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.5-4.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.5-4.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.5-4.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.5-4.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.5-4.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.5-4.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.5-4.el10_2:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/openssl-libs@3.5.5-4.el10_2?arch=x86_64&distro=rhel-10.2&epoch=1&upstream=openssl-3.5.5-4.el10_2.src.rpm",
        "upstreams": [
          {
            "name": "openssl",
            "version": "3.5.5-4.el10_2"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": 1,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-11850",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-11850",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Medium",
        "urls": [],
        "description": "An integer underflow vulnerability was found in MIT krb5 in the berval2tl_data() function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c. The function performs an unsigned subtraction (bv_len - 2) without a prior bounds check. When bv_len is 0 or 1, the subtraction wraps to a large value which is then truncated to uint16_t, yielding 0xFFFE (65534) or 0xFFFF (65535). The subsequent malloc succeeds and memcpy reads up to 65534 bytes from a 0-1 byte buffer, resulting in a heap out-of-bounds read.\nThe attack vector involves a malicious or compromised LDAP KDB backend returning a krbExtraData attribute with bv_len < 2, triggering the underflow when the KDC or kadmind reads principal data.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:H",
            "metrics": {
              "baseScore": 5,
              "exploitabilityScore": 0.8,
              "impactScore": 4.3
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-11850",
            "epss": 0.00035,
            "percentile": 0.10684,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-11850",
            "cwe": "CWE-191",
            "source": "secalert@redhat.com",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.017499999999999998
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-11850",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-11850",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://access.redhat.com/errata/RHSA-2026:25520",
            "https://access.redhat.com/security/cve/CVE-2026-11850",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2459970"
          ],
          "description": "An integer underflow vulnerability was found in MIT krb5 in the berval2tl_data() function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c. The function performs an unsigned subtraction (bv_len - 2) without a prior bounds check. When bv_len is 0 or 1, the subtraction wraps to a large value which is then truncated to uint16_t, yielding 0xFFFE (65534) or 0xFFFF (65535). The subsequent malloc succeeds and memcpy reads up to 65534 bytes from a 0-1 byte buffer, resulting in a heap out-of-bounds read.\nThe attack vector involves a malicious or compromised LDAP KDB backend returning a krbExtraData attribute with bv_len < 2, triggering the underflow when the KDC or kadmind reads principal data.",
          "cvss": [
            {
              "source": "secalert@redhat.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:H",
              "metrics": {
                "baseScore": 5,
                "exploitabilityScore": 0.8,
                "impactScore": 4.3
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-11850",
              "epss": 0.00035,
              "percentile": 0.10684,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-11850",
              "cwe": "CWE-191",
              "source": "secalert@redhat.com",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "krb5",
              "version": "1.21.3-10.el10_2"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-11850",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "6a26d6ddde94fd22",
        "name": "krb5-libs",
        "version": "1.21.3-10.el10_2",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "Brian-Gladman-2-Clause AND BSD-2-Clause AND (BSD-2-Clause OR GPL-2.0-or-later) AND BSD-2-Clause-first-lines AND BSD-3-Clause AND BSD-4-Clause AND CMU-Mach-nodoc AND FSFULLRWD AND HPND AND HPND-export2-US AND HPND-export-US AND HPND-export-US-acknowledgement AND HPND-export-US-modify AND ISC AND MIT AND MIT-CMU AND OLDAP-2.8 AND OpenVision"
        ],
        "cpes": [
          "cpe:2.3:a:krb5-libs:krb5-libs:1.21.3-10.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:krb5-libs:krb5_libs:1.21.3-10.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:krb5_libs:krb5-libs:1.21.3-10.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:krb5_libs:krb5_libs:1.21.3-10.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:krb5-libs:1.21.3-10.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:krb5_libs:1.21.3-10.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:krb5:krb5-libs:1.21.3-10.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:krb5:krb5_libs:1.21.3-10.el10_2:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/krb5-libs@1.21.3-10.el10_2?arch=x86_64&distro=rhel-10.2&upstream=krb5-1.21.3-10.el10_2.src.rpm",
        "upstreams": [
          {
            "name": "krb5",
            "version": "1.21.3-10.el10_2"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-0990",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 5.9,
              "exploitabilityScore": 2.3,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-0990",
            "epss": 0.00032,
            "percentile": 0.09965,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-0990",
            "cwe": "CWE-674",
            "source": "secalert@redhat.com",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.017440000000000004
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-0990",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://access.redhat.com/errata/RHSA-2026:7519",
            "https://access.redhat.com/security/cve/CVE-2026-0990",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2429959",
            "https://gitlab.gnome.org/GNOME/libxml2/-/issues/1018"
          ],
          "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.",
          "cvss": [
            {
              "source": "secalert@redhat.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 5.9,
                "exploitabilityScore": 2.3,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-0990",
              "epss": 0.00032,
              "percentile": 0.09965,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-0990",
              "cwe": "CWE-674",
              "source": "secalert@redhat.com",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "libxml2",
              "version": "0:2.12.5-10.el10"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-0990",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "fd8a4e4169e6e582",
        "name": "libxml2",
        "version": "2.12.5-10.el10",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "MIT AND ISC-Veillard AND W3C"
        ],
        "cpes": [
          "cpe:2.3:a:libxml2:libxml2:2.12.5-10.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libxml2:2.12.5-10.el10:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/libxml2@2.12.5-10.el10?arch=x86_64&distro=rhel-10.2&upstream=libxml2-2.12.5-10.el10.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-3805",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3805",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in curl. When handling a second Server Message Block (SMB) request to the same host, curl incorrectly accesses memory that has already been freed. This memory corruption vulnerability, known as a use-after-free, could allow a remote attacker to potentially execute arbitrary code or cause a denial of service.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "metrics": {
              "baseScore": 6.3,
              "exploitabilityScore": 2.9,
              "impactScore": 3.4
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-3805",
            "epss": 0.0003,
            "percentile": 0.09093,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-3805",
            "cwe": "CWE-416",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.016949999999999996
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-3805",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3805",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://curl.se/docs/CVE-2026-3805.html",
            "https://curl.se/docs/CVE-2026-3805.json",
            "https://hackerone.com/reports/3591944",
            "http://www.openwall.com/lists/oss-security/2026/03/11/4"
          ],
          "description": "When doing a second SMB request to the same host again, curl would wrongly use\na data pointer pointing into already freed memory.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-3805",
              "epss": 0.0003,
              "percentile": 0.09093,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-3805",
              "cwe": "CWE-416",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "curl",
              "version": "0:8.12.1-4.el10"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-3805",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "134f672de8a7541b",
        "name": "curl",
        "version": "8.12.1-4.el10",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "curl"
        ],
        "cpes": [
          "cpe:2.3:a:redhat:curl:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:curl:curl:8.12.1-4.el10:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/curl@8.12.1-4.el10?arch=x86_64&distro=rhel-10.2&upstream=curl-8.12.1-4.el10.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-3805",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3805",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in curl. When handling a second Server Message Block (SMB) request to the same host, curl incorrectly accesses memory that has already been freed. This memory corruption vulnerability, known as a use-after-free, could allow a remote attacker to potentially execute arbitrary code or cause a denial of service.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "metrics": {
              "baseScore": 6.3,
              "exploitabilityScore": 2.9,
              "impactScore": 3.4
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-3805",
            "epss": 0.0003,
            "percentile": 0.09093,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-3805",
            "cwe": "CWE-416",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.016949999999999996
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-3805",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3805",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://curl.se/docs/CVE-2026-3805.html",
            "https://curl.se/docs/CVE-2026-3805.json",
            "https://hackerone.com/reports/3591944",
            "http://www.openwall.com/lists/oss-security/2026/03/11/4"
          ],
          "description": "When doing a second SMB request to the same host again, curl would wrongly use\na data pointer pointing into already freed memory.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-3805",
              "epss": 0.0003,
              "percentile": 0.09093,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-3805",
              "cwe": "CWE-416",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "curl",
              "version": "8.12.1-4.el10"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-3805",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "e0443590b9f5633b",
        "name": "libcurl-minimal",
        "version": "8.12.1-4.el10",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "curl"
        ],
        "cpes": [
          "cpe:2.3:a:libcurl-minimal:libcurl-minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl-minimal:libcurl_minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl_minimal:libcurl-minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl_minimal:libcurl_minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl:libcurl-minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl:libcurl_minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libcurl-minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libcurl_minimal:8.12.1-4.el10:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/libcurl-minimal@8.12.1-4.el10?arch=x86_64&distro=rhel-10.2&upstream=curl-8.12.1-4.el10.src.rpm",
        "upstreams": [
          {
            "name": "curl",
            "version": "8.12.1-4.el10"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-3784",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3784",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in curl. This vulnerability allows curl to wrongly reuse an existing HTTP proxy connection when performing a CONNECT request to a server, even if the new request uses different authentication credentials for the HTTP proxy. This improper connection reuse could lead to an attacker gaining unauthorized access to resources or information intended for a different user.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "metrics": {
              "baseScore": 6.5,
              "exploitabilityScore": 2.9,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-3784",
            "epss": 0.00029,
            "percentile": 0.08706,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-3784",
            "cwe": "CWE-305",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.016675
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-3784",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3784",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://curl.se/docs/CVE-2026-3784.html",
            "https://curl.se/docs/CVE-2026-3784.json",
            "https://hackerone.com/reports/3584903",
            "http://www.openwall.com/lists/oss-security/2026/03/11/3",
            "https://cert-portal.siemens.com/productcert/html/ssa-253495.html"
          ],
          "description": "curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a\nserver, even if the new request uses different credentials for the HTTP proxy.\nThe proper behavior is to create or use a separate connection.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
              "metrics": {
                "baseScore": 6.5,
                "exploitabilityScore": 3.9,
                "impactScore": 2.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-3784",
              "epss": 0.00029,
              "percentile": 0.08706,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-3784",
              "cwe": "CWE-305",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "curl",
              "version": "0:8.12.1-4.el10"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-3784",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "134f672de8a7541b",
        "name": "curl",
        "version": "8.12.1-4.el10",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "curl"
        ],
        "cpes": [
          "cpe:2.3:a:redhat:curl:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:curl:curl:8.12.1-4.el10:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/curl@8.12.1-4.el10?arch=x86_64&distro=rhel-10.2&upstream=curl-8.12.1-4.el10.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-3784",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3784",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in curl. This vulnerability allows curl to wrongly reuse an existing HTTP proxy connection when performing a CONNECT request to a server, even if the new request uses different authentication credentials for the HTTP proxy. This improper connection reuse could lead to an attacker gaining unauthorized access to resources or information intended for a different user.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "metrics": {
              "baseScore": 6.5,
              "exploitabilityScore": 2.9,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-3784",
            "epss": 0.00029,
            "percentile": 0.08706,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-3784",
            "cwe": "CWE-305",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.016675
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-3784",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3784",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://curl.se/docs/CVE-2026-3784.html",
            "https://curl.se/docs/CVE-2026-3784.json",
            "https://hackerone.com/reports/3584903",
            "http://www.openwall.com/lists/oss-security/2026/03/11/3",
            "https://cert-portal.siemens.com/productcert/html/ssa-253495.html"
          ],
          "description": "curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a\nserver, even if the new request uses different credentials for the HTTP proxy.\nThe proper behavior is to create or use a separate connection.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
              "metrics": {
                "baseScore": 6.5,
                "exploitabilityScore": 3.9,
                "impactScore": 2.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-3784",
              "epss": 0.00029,
              "percentile": 0.08706,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-3784",
              "cwe": "CWE-305",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "curl",
              "version": "8.12.1-4.el10"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-3784",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "e0443590b9f5633b",
        "name": "libcurl-minimal",
        "version": "8.12.1-4.el10",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "curl"
        ],
        "cpes": [
          "cpe:2.3:a:libcurl-minimal:libcurl-minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl-minimal:libcurl_minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl_minimal:libcurl-minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl_minimal:libcurl_minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl:libcurl-minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl:libcurl_minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libcurl-minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libcurl_minimal:8.12.1-4.el10:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/libcurl-minimal@8.12.1-4.el10?arch=x86_64&distro=rhel-10.2&upstream=curl-8.12.1-4.el10.src.rpm",
        "upstreams": [
          {
            "name": "curl",
            "version": "8.12.1-4.el10"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-15079",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15079",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was found in curl. When performing SSH-based transfers using SCP or SFTP, libcurl could mistakenly connect to hosts not listed in the user-specified knownhosts file. This occurs if the host is present in the libssh global knownhosts file, effectively bypassing the intended host verification. This could allow a remote attacker to connect to an untrusted host, potentially leading to information disclosure or man-in-the-middle attacks.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "metrics": {
              "baseScore": 8.1,
              "exploitabilityScore": 2.9,
              "impactScore": 5.2
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-15079",
            "epss": 0.0003,
            "percentile": 0.09126,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-15079",
            "cwe": "CWE-297",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.016649999999999995
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-15079",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15079",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://curl.se/docs/CVE-2025-15079.html",
            "https://curl.se/docs/CVE-2025-15079.json",
            "https://hackerone.com/reports/3477116",
            "http://www.openwall.com/lists/oss-security/2026/01/07/6"
          ],
          "description": "When doing SSH-based transfers using either SCP or SFTP, and setting the\nknown_hosts file, libcurl could still mistakenly accept connecting to hosts\n*not present* in the specified file if they were added as recognized in the\nlibssh *global* known_hosts file.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 1.7,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-15079",
              "epss": 0.0003,
              "percentile": 0.09126,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-15079",
              "cwe": "CWE-297",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "curl",
              "version": "0:8.12.1-4.el10"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-15079",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "134f672de8a7541b",
        "name": "curl",
        "version": "8.12.1-4.el10",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "curl"
        ],
        "cpes": [
          "cpe:2.3:a:redhat:curl:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:curl:curl:8.12.1-4.el10:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/curl@8.12.1-4.el10?arch=x86_64&distro=rhel-10.2&upstream=curl-8.12.1-4.el10.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-15079",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15079",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was found in curl. When performing SSH-based transfers using SCP or SFTP, libcurl could mistakenly connect to hosts not listed in the user-specified knownhosts file. This occurs if the host is present in the libssh global knownhosts file, effectively bypassing the intended host verification. This could allow a remote attacker to connect to an untrusted host, potentially leading to information disclosure or man-in-the-middle attacks.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "metrics": {
              "baseScore": 8.1,
              "exploitabilityScore": 2.9,
              "impactScore": 5.2
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-15079",
            "epss": 0.0003,
            "percentile": 0.09126,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-15079",
            "cwe": "CWE-297",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.016649999999999995
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-15079",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15079",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://curl.se/docs/CVE-2025-15079.html",
            "https://curl.se/docs/CVE-2025-15079.json",
            "https://hackerone.com/reports/3477116",
            "http://www.openwall.com/lists/oss-security/2026/01/07/6"
          ],
          "description": "When doing SSH-based transfers using either SCP or SFTP, and setting the\nknown_hosts file, libcurl could still mistakenly accept connecting to hosts\n*not present* in the specified file if they were added as recognized in the\nlibssh *global* known_hosts file.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 1.7,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-15079",
              "epss": 0.0003,
              "percentile": 0.09126,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-15079",
              "cwe": "CWE-297",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "curl",
              "version": "8.12.1-4.el10"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-15079",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "e0443590b9f5633b",
        "name": "libcurl-minimal",
        "version": "8.12.1-4.el10",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "curl"
        ],
        "cpes": [
          "cpe:2.3:a:libcurl-minimal:libcurl-minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl-minimal:libcurl_minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl_minimal:libcurl-minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl_minimal:libcurl_minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl:libcurl-minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl:libcurl_minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libcurl-minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libcurl_minimal:8.12.1-4.el10:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/libcurl-minimal@8.12.1-4.el10?arch=x86_64&distro=rhel-10.2&upstream=curl-8.12.1-4.el10.src.rpm",
        "upstreams": [
          {
            "name": "curl",
            "version": "8.12.1-4.el10"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-6253",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-6253",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in curl. When curl is configured to use distinct proxies for different URL schemes, a redirect from a URL using an authenticated proxy to one using an unauthenticated proxy can inadvertently expose the initial proxy's credentials. This improper credential management (CWE-522) may allow an attacker to gain unauthorized access or information by intercepting these disclosed credentials.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "metrics": {
              "baseScore": 5.3,
              "exploitabilityScore": 1.7,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-6253",
            "epss": 0.00032,
            "percentile": 0.09892,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-6253",
            "cwe": "CWE-522",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.01648
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-6253",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-6253",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://curl.se/docs/CVE-2026-6253.html",
            "https://curl.se/docs/CVE-2026-6253.json",
            "https://hackerone.com/reports/3669637",
            "http://www.openwall.com/lists/oss-security/2026/04/29/11"
          ],
          "description": "curl might erroneously pass on credentials for a first proxy to a second\nproxy.\n\nThis can happen when the following conditions are true:\n\n1. curl is setup to use specific different proxies for different URL schemes\n2. the first proxy needs credentials\n3. the second proxy uses no credentials\n4. while using the first proxy (using say `http://`), curl is asked to follow\n   a redirect to a URL using another scheme (say `https://`), accessed using a\n   second, different, proxy",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 5.9,
                "exploitabilityScore": 2.3,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-6253",
              "epss": 0.00032,
              "percentile": 0.09892,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-6253",
              "cwe": "CWE-522",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "curl",
              "version": "0:8.12.1-4.el10"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-6253",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "134f672de8a7541b",
        "name": "curl",
        "version": "8.12.1-4.el10",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "curl"
        ],
        "cpes": [
          "cpe:2.3:a:redhat:curl:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:curl:curl:8.12.1-4.el10:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/curl@8.12.1-4.el10?arch=x86_64&distro=rhel-10.2&upstream=curl-8.12.1-4.el10.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-6253",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-6253",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in curl. When curl is configured to use distinct proxies for different URL schemes, a redirect from a URL using an authenticated proxy to one using an unauthenticated proxy can inadvertently expose the initial proxy's credentials. This improper credential management (CWE-522) may allow an attacker to gain unauthorized access or information by intercepting these disclosed credentials.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "metrics": {
              "baseScore": 5.3,
              "exploitabilityScore": 1.7,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-6253",
            "epss": 0.00032,
            "percentile": 0.09892,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-6253",
            "cwe": "CWE-522",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.01648
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-6253",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-6253",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://curl.se/docs/CVE-2026-6253.html",
            "https://curl.se/docs/CVE-2026-6253.json",
            "https://hackerone.com/reports/3669637",
            "http://www.openwall.com/lists/oss-security/2026/04/29/11"
          ],
          "description": "curl might erroneously pass on credentials for a first proxy to a second\nproxy.\n\nThis can happen when the following conditions are true:\n\n1. curl is setup to use specific different proxies for different URL schemes\n2. the first proxy needs credentials\n3. the second proxy uses no credentials\n4. while using the first proxy (using say `http://`), curl is asked to follow\n   a redirect to a URL using another scheme (say `https://`), accessed using a\n   second, different, proxy",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 5.9,
                "exploitabilityScore": 2.3,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-6253",
              "epss": 0.00032,
              "percentile": 0.09892,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-6253",
              "cwe": "CWE-522",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "curl",
              "version": "8.12.1-4.el10"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-6253",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "e0443590b9f5633b",
        "name": "libcurl-minimal",
        "version": "8.12.1-4.el10",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "curl"
        ],
        "cpes": [
          "cpe:2.3:a:libcurl-minimal:libcurl-minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl-minimal:libcurl_minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl_minimal:libcurl-minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl_minimal:libcurl_minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl:libcurl-minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl:libcurl_minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libcurl-minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libcurl_minimal:8.12.1-4.el10:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/libcurl-minimal@8.12.1-4.el10?arch=x86_64&distro=rhel-10.2&upstream=curl-8.12.1-4.el10.src.rpm",
        "upstreams": [
          {
            "name": "curl",
            "version": "8.12.1-4.el10"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-70873",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2025-70873",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was found in SQLite. This information disclosure vulnerability exists within the zipfile extension, specifically in the zipfileInflate function. A remote attacker could exploit this by providing a specially crafted ZIP file. Successful exploitation could lead to the disclosure of sensitive heap memory information.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "metrics": {
              "baseScore": 3.3,
              "exploitabilityScore": 1.9,
              "impactScore": 1.5
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-70873",
            "epss": 0.00052,
            "percentile": 0.16781,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-70873",
            "cwe": "CWE-244",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.01638
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-70873",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-70873",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://gist.github.com/cnwangjihe/f496393f30f5ecec5b18c8f5ab072054",
            "https://sqlite.org/forum/forumpost/761eac3c82",
            "https://sqlite.org/src/info/3d459f1fb1bd1b5e"
          ],
          "description": "An information disclosure issue in the zipfileInflate function in the zipfile extension in SQLite v3.51.1 and earlier allows attackers to obtain heap memory via supplying a crafted ZIP file.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-70873",
              "epss": 0.00052,
              "percentile": 0.16781,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-70873",
              "cwe": "CWE-244",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "sqlite",
              "version": "3.46.1-5.el10_1"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-70873",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "e4a6c09aa53d2147",
        "name": "sqlite-libs",
        "version": "3.46.1-5.el10_1",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "blessing"
        ],
        "cpes": [
          "cpe:2.3:a:sqlite-libs:sqlite-libs:3.46.1-5.el10_1:*:*:*:*:*:*:*",
          "cpe:2.3:a:sqlite-libs:sqlite_libs:3.46.1-5.el10_1:*:*:*:*:*:*:*",
          "cpe:2.3:a:sqlite_libs:sqlite-libs:3.46.1-5.el10_1:*:*:*:*:*:*:*",
          "cpe:2.3:a:sqlite_libs:sqlite_libs:3.46.1-5.el10_1:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:sqlite-libs:3.46.1-5.el10_1:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:sqlite_libs:3.46.1-5.el10_1:*:*:*:*:*:*:*",
          "cpe:2.3:a:sqlite:sqlite-libs:3.46.1-5.el10_1:*:*:*:*:*:*:*",
          "cpe:2.3:a:sqlite:sqlite_libs:3.46.1-5.el10_1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/sqlite-libs@3.46.1-5.el10_1?arch=x86_64&distro=rhel-10.2&upstream=sqlite-3.46.1-5.el10_1.src.rpm",
        "upstreams": [
          {
            "name": "sqlite",
            "version": "3.46.1-5.el10_1"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-3783",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3783",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in curl. When an OAuth2 bearer token is used for an HTTP(S) transfer that redirects to a second URL, curl could unintentionally leak the token. This occurs if the second hostname has entries in the `.netrc` file, allowing the bearer token intended for the first host to be sent to the redirected host. This information disclosure could allow an attacker to gain unauthorized access.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
            "metrics": {
              "baseScore": 5.7,
              "exploitabilityScore": 2.1,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-3783",
            "epss": 0.00028,
            "percentile": 0.08617,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-3783",
            "cwe": "CWE-522",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.01498
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-3783",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3783",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://curl.se/docs/CVE-2026-3783.html",
            "https://curl.se/docs/CVE-2026-3783.json",
            "https://hackerone.com/reports/3583983",
            "http://www.openwall.com/lists/oss-security/2026/03/11/2"
          ],
          "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a redirect to a second URL, curl could leak that token to the second\nhostname under some circumstances.\n\nIf the hostname that the first request is redirected to has information in the\nused .netrc file, with either of the `machine` or `default` keywords, curl\nwould pass on the bearer token set for the first host also to the second one.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 3.9,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-3783",
              "epss": 0.00028,
              "percentile": 0.08617,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-3783",
              "cwe": "CWE-522",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "curl",
              "version": "0:8.12.1-4.el10"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-3783",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "134f672de8a7541b",
        "name": "curl",
        "version": "8.12.1-4.el10",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "curl"
        ],
        "cpes": [
          "cpe:2.3:a:redhat:curl:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:curl:curl:8.12.1-4.el10:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/curl@8.12.1-4.el10?arch=x86_64&distro=rhel-10.2&upstream=curl-8.12.1-4.el10.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-3783",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3783",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in curl. When an OAuth2 bearer token is used for an HTTP(S) transfer that redirects to a second URL, curl could unintentionally leak the token. This occurs if the second hostname has entries in the `.netrc` file, allowing the bearer token intended for the first host to be sent to the redirected host. This information disclosure could allow an attacker to gain unauthorized access.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
            "metrics": {
              "baseScore": 5.7,
              "exploitabilityScore": 2.1,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-3783",
            "epss": 0.00028,
            "percentile": 0.08617,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-3783",
            "cwe": "CWE-522",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.01498
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-3783",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3783",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://curl.se/docs/CVE-2026-3783.html",
            "https://curl.se/docs/CVE-2026-3783.json",
            "https://hackerone.com/reports/3583983",
            "http://www.openwall.com/lists/oss-security/2026/03/11/2"
          ],
          "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a redirect to a second URL, curl could leak that token to the second\nhostname under some circumstances.\n\nIf the hostname that the first request is redirected to has information in the\nused .netrc file, with either of the `machine` or `default` keywords, curl\nwould pass on the bearer token set for the first host also to the second one.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 3.9,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-3783",
              "epss": 0.00028,
              "percentile": 0.08617,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-3783",
              "cwe": "CWE-522",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "curl",
              "version": "8.12.1-4.el10"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-3783",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "e0443590b9f5633b",
        "name": "libcurl-minimal",
        "version": "8.12.1-4.el10",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "curl"
        ],
        "cpes": [
          "cpe:2.3:a:libcurl-minimal:libcurl-minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl-minimal:libcurl_minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl_minimal:libcurl-minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl_minimal:libcurl_minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl:libcurl-minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl:libcurl_minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libcurl-minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libcurl_minimal:8.12.1-4.el10:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/libcurl-minimal@8.12.1-4.el10?arch=x86_64&distro=rhel-10.2&upstream=curl-8.12.1-4.el10.src.rpm",
        "upstreams": [
          {
            "name": "curl",
            "version": "8.12.1-4.el10"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-14819",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14819",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was found in libcurl. When handling secure connections (TLS) and reusing connection settings, libcurl could incorrectly apply a cached security setting related to certificate chain validation. This could allow libcurl to accept a server's security certificate that it should have otherwise rejected, potentially compromising the integrity of the secure connection.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "metrics": {
              "baseScore": 6.8,
              "exploitabilityScore": 1.7,
              "impactScore": 5.2
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-14819",
            "epss": 0.00029,
            "percentile": 0.08898,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-14819",
            "cwe": "CWE-295",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.01421
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-14819",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14819",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://curl.se/docs/CVE-2025-14819.html",
            "https://curl.se/docs/CVE-2025-14819.json",
            "http://www.openwall.com/lists/oss-security/2026/01/07/5"
          ],
          "description": "When doing TLS related transfers with reused easy or multi handles and\naltering the  `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally\nreuse a CA store cached in memory for which the partial chain option was\nreversed. Contrary to the user's wishes and expectations. This could make\nlibcurl find and accept a trust chain that it otherwise would not.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 1.7,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-14819",
              "epss": 0.00029,
              "percentile": 0.08898,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-14819",
              "cwe": "CWE-295",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "curl",
              "version": "0:8.12.1-4.el10"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-14819",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "134f672de8a7541b",
        "name": "curl",
        "version": "8.12.1-4.el10",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "curl"
        ],
        "cpes": [
          "cpe:2.3:a:redhat:curl:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:curl:curl:8.12.1-4.el10:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/curl@8.12.1-4.el10?arch=x86_64&distro=rhel-10.2&upstream=curl-8.12.1-4.el10.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-14819",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14819",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was found in libcurl. When handling secure connections (TLS) and reusing connection settings, libcurl could incorrectly apply a cached security setting related to certificate chain validation. This could allow libcurl to accept a server's security certificate that it should have otherwise rejected, potentially compromising the integrity of the secure connection.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "metrics": {
              "baseScore": 6.8,
              "exploitabilityScore": 1.7,
              "impactScore": 5.2
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-14819",
            "epss": 0.00029,
            "percentile": 0.08898,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-14819",
            "cwe": "CWE-295",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.01421
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-14819",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14819",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://curl.se/docs/CVE-2025-14819.html",
            "https://curl.se/docs/CVE-2025-14819.json",
            "http://www.openwall.com/lists/oss-security/2026/01/07/5"
          ],
          "description": "When doing TLS related transfers with reused easy or multi handles and\naltering the  `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally\nreuse a CA store cached in memory for which the partial chain option was\nreversed. Contrary to the user's wishes and expectations. This could make\nlibcurl find and accept a trust chain that it otherwise would not.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 1.7,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-14819",
              "epss": 0.00029,
              "percentile": 0.08898,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-14819",
              "cwe": "CWE-295",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "curl",
              "version": "8.12.1-4.el10"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-14819",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "e0443590b9f5633b",
        "name": "libcurl-minimal",
        "version": "8.12.1-4.el10",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "curl"
        ],
        "cpes": [
          "cpe:2.3:a:libcurl-minimal:libcurl-minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl-minimal:libcurl_minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl_minimal:libcurl-minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl_minimal:libcurl_minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl:libcurl-minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl:libcurl_minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libcurl-minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libcurl_minimal:8.12.1-4.el10:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/libcurl-minimal@8.12.1-4.el10?arch=x86_64&distro=rhel-10.2&upstream=curl-8.12.1-4.el10.src.rpm",
        "upstreams": [
          {
            "name": "curl",
            "version": "8.12.1-4.el10"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-6429",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-6429",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in libcurl. When configured to use a .netrc file for credentials and follow HTTP redirects, libcurl can inadvertently send the password from the initial connection to the redirected host. This sensitive information disclosure occurs when both the original and redirect URLs use clear text HTTP, are performed over the same HTTP proxy, and the same connection is reused. This vulnerability, categorized as an Exposure of Sensitive Information to an Unauthorized Actor (CWE-200), could allow an attacker to obtain user credentials.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "metrics": {
              "baseScore": 6.5,
              "exploitabilityScore": 2.9,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-6429",
            "epss": 0.00024,
            "percentile": 0.07127,
            "date": "2026-06-14"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.0138
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-6429",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-6429",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://curl.se/docs/CVE-2026-6429.html",
            "https://curl.se/docs/CVE-2026-6429.json",
            "https://hackerone.com/reports/3677759"
          ],
          "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, libcurl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 1.7,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-6429",
              "epss": 0.00024,
              "percentile": 0.07127,
              "date": "2026-06-14"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "curl",
              "version": "0:8.12.1-4.el10"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-6429",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "134f672de8a7541b",
        "name": "curl",
        "version": "8.12.1-4.el10",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "curl"
        ],
        "cpes": [
          "cpe:2.3:a:redhat:curl:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:curl:curl:8.12.1-4.el10:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/curl@8.12.1-4.el10?arch=x86_64&distro=rhel-10.2&upstream=curl-8.12.1-4.el10.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-6429",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-6429",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in libcurl. When configured to use a .netrc file for credentials and follow HTTP redirects, libcurl can inadvertently send the password from the initial connection to the redirected host. This sensitive information disclosure occurs when both the original and redirect URLs use clear text HTTP, are performed over the same HTTP proxy, and the same connection is reused. This vulnerability, categorized as an Exposure of Sensitive Information to an Unauthorized Actor (CWE-200), could allow an attacker to obtain user credentials.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "metrics": {
              "baseScore": 6.5,
              "exploitabilityScore": 2.9,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-6429",
            "epss": 0.00024,
            "percentile": 0.07127,
            "date": "2026-06-14"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.0138
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-6429",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-6429",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://curl.se/docs/CVE-2026-6429.html",
            "https://curl.se/docs/CVE-2026-6429.json",
            "https://hackerone.com/reports/3677759"
          ],
          "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, libcurl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 1.7,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-6429",
              "epss": 0.00024,
              "percentile": 0.07127,
              "date": "2026-06-14"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "curl",
              "version": "8.12.1-4.el10"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-6429",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "e0443590b9f5633b",
        "name": "libcurl-minimal",
        "version": "8.12.1-4.el10",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "curl"
        ],
        "cpes": [
          "cpe:2.3:a:libcurl-minimal:libcurl-minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl-minimal:libcurl_minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl_minimal:libcurl-minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl_minimal:libcurl_minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl:libcurl-minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl:libcurl_minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libcurl-minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libcurl_minimal:8.12.1-4.el10:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/libcurl-minimal@8.12.1-4.el10?arch=x86_64&distro=rhel-10.2&upstream=curl-8.12.1-4.el10.src.rpm",
        "upstreams": [
          {
            "name": "curl",
            "version": "8.12.1-4.el10"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-60753",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Medium",
        "urls": [],
        "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 5.5,
              "exploitabilityScore": 1.9,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-60753",
            "epss": 0.00026,
            "percentile": 0.07842,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-60753",
            "cwe": "CWE-400",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          },
          {
            "cve": "CVE-2025-60753",
            "cwe": "CWE-835",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.013649999999999999
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-60753",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753",
            "https://github.com/libarchive/libarchive/issues/2725"
          ],
          "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 5.5,
                "exploitabilityScore": 1.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-60753",
              "epss": 0.00026,
              "percentile": 0.07842,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-60753",
              "cwe": "CWE-400",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            },
            {
              "cve": "CVE-2025-60753",
              "cwe": "CWE-835",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "libarchive",
              "version": "0:3.7.7-8.el10_1"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-60753",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "1275a237f54746d8",
        "name": "libarchive",
        "version": "3.7.7-8.el10_1",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "BSD-2-Clause AND FSFULLR AND GPL-2.0-or-later WITH Libtool-exception AND BSD-3-Clause AND FSFUL"
        ],
        "cpes": [
          "cpe:2.3:a:libarchive:libarchive:3.7.7-8.el10_1:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libarchive:3.7.7-8.el10_1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/libarchive@3.7.7-8.el10_1?arch=x86_64&distro=rhel-10.2&upstream=libarchive-3.7.7-8.el10_1.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-5773",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-5773",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in libcurl. Due to a logical error in the connection reuse mechanism for SMB (Server Message Block) transfers, libcurl might reuse an existing SMB connection with a different share than intended. This vulnerability, categorized as CWE-488 (Exposure of Data Element to Wrong Session), could lead to the download of an incorrect file or the upload of a file to an unintended location when an application uses libcurl for SMB transfers.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "metrics": {
              "baseScore": 6.5,
              "exploitabilityScore": 3.9,
              "impactScore": 2.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-5773",
            "epss": 0.00021,
            "percentile": 0.05947,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-5773",
            "cwe": "CWE-918",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.012074999999999999
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-5773",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-5773",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://curl.se/docs/CVE-2026-5773.html",
            "https://curl.se/docs/CVE-2026-5773.json",
            "https://hackerone.com/reports/3650689",
            "http://www.openwall.com/lists/oss-security/2026/04/29/9"
          ],
          "description": "libcurl might in some circumstances reuse the wrong connection for SMB(S)\ntransfers.\n\nlibcurl features a pool of recent connections so that subsequent requests can\nreuse an existing connection to avoid overhead.\n\nWhen reusing a connection a range of criteria must be met. Due to a logical\nerror in the code, a network transfer operation that was requested by an\napplication could wrongfully reuse an existing SMB connection to the same\nserver that was using a different 'share' than the new subsequent transfer\nshould.\n\nThis could in unlucky situations lead to the download of the wrong file or the\nupload of a file to the wrong place. When this happens, the same credentials\nare used and the server name is the same.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-5773",
              "epss": 0.00021,
              "percentile": 0.05947,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-5773",
              "cwe": "CWE-918",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "curl",
              "version": "0:8.12.1-4.el10"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-5773",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "134f672de8a7541b",
        "name": "curl",
        "version": "8.12.1-4.el10",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "curl"
        ],
        "cpes": [
          "cpe:2.3:a:redhat:curl:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:curl:curl:8.12.1-4.el10:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/curl@8.12.1-4.el10?arch=x86_64&distro=rhel-10.2&upstream=curl-8.12.1-4.el10.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-5773",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-5773",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in libcurl. Due to a logical error in the connection reuse mechanism for SMB (Server Message Block) transfers, libcurl might reuse an existing SMB connection with a different share than intended. This vulnerability, categorized as CWE-488 (Exposure of Data Element to Wrong Session), could lead to the download of an incorrect file or the upload of a file to an unintended location when an application uses libcurl for SMB transfers.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "metrics": {
              "baseScore": 6.5,
              "exploitabilityScore": 3.9,
              "impactScore": 2.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-5773",
            "epss": 0.00021,
            "percentile": 0.05947,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-5773",
            "cwe": "CWE-918",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.012074999999999999
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-5773",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-5773",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://curl.se/docs/CVE-2026-5773.html",
            "https://curl.se/docs/CVE-2026-5773.json",
            "https://hackerone.com/reports/3650689",
            "http://www.openwall.com/lists/oss-security/2026/04/29/9"
          ],
          "description": "libcurl might in some circumstances reuse the wrong connection for SMB(S)\ntransfers.\n\nlibcurl features a pool of recent connections so that subsequent requests can\nreuse an existing connection to avoid overhead.\n\nWhen reusing a connection a range of criteria must be met. Due to a logical\nerror in the code, a network transfer operation that was requested by an\napplication could wrongfully reuse an existing SMB connection to the same\nserver that was using a different 'share' than the new subsequent transfer\nshould.\n\nThis could in unlucky situations lead to the download of the wrong file or the\nupload of a file to the wrong place. When this happens, the same credentials\nare used and the server name is the same.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-5773",
              "epss": 0.00021,
              "percentile": 0.05947,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-5773",
              "cwe": "CWE-918",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "curl",
              "version": "8.12.1-4.el10"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-5773",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "e0443590b9f5633b",
        "name": "libcurl-minimal",
        "version": "8.12.1-4.el10",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "curl"
        ],
        "cpes": [
          "cpe:2.3:a:libcurl-minimal:libcurl-minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl-minimal:libcurl_minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl_minimal:libcurl-minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl_minimal:libcurl_minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl:libcurl-minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl:libcurl_minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libcurl-minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libcurl_minimal:8.12.1-4.el10:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/libcurl-minimal@8.12.1-4.el10?arch=x86_64&distro=rhel-10.2&upstream=curl-8.12.1-4.el10.src.rpm",
        "upstreams": [
          {
            "name": "curl",
            "version": "8.12.1-4.el10"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-22185",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
            "metrics": {
              "baseScore": 6.8,
              "exploitabilityScore": 2.6,
              "impactScore": 4.3
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-22185",
            "epss": 0.00019,
            "percentile": 0.05503,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-22185",
            "cwe": "CWE-125",
            "source": "disclosure@vulncheck.com",
            "type": "Secondary"
          },
          {
            "cve": "CVE-2026-22185",
            "cwe": "CWE-191",
            "source": "disclosure@vulncheck.com",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.01121
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-22185",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://bugs.openldap.org/show_bug.cgi?id=10421",
            "https://seclists.org/fulldisclosure/2026/Jan/5",
            "https://seclists.org/fulldisclosure/2026/Jan/8",
            "https://www.openldap.org/",
            "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline"
          ],
          "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.",
          "cvss": [
            {
              "source": "disclosure@vulncheck.com",
              "type": "Secondary",
              "version": "4.0",
              "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
              "metrics": {
                "baseScore": 4.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-22185",
              "epss": 0.00019,
              "percentile": 0.05503,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-22185",
              "cwe": "CWE-125",
              "source": "disclosure@vulncheck.com",
              "type": "Secondary"
            },
            {
              "cve": "CVE-2026-22185",
              "cwe": "CWE-191",
              "source": "disclosure@vulncheck.com",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "openldap",
              "version": "0:2.6.10-1.el10"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-22185",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "0aeb0860f009f5ad",
        "name": "openldap",
        "version": "2.6.10-1.el10",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "OLDAP-2.8"
        ],
        "cpes": [
          "cpe:2.3:a:openldap:openldap:2.6.10-1.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:openldap:2.6.10-1.el10:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/openldap@2.6.10-1.el10?arch=x86_64&distro=rhel-10.2&upstream=openldap-2.6.10-1.el10.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-42250",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-42250",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in bzip2. The bzip2recover utility contains an off-by-one error that allows a local attacker to cause an out-of-bounds write to a global buffer by processing a specially crafted file. This memory corruption can lead to a crash, resulting in a Denial of Service (DoS).",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 5,
              "exploitabilityScore": 1.4,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-42250",
            "epss": 0.00021,
            "percentile": 0.06139,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-42250",
            "cwe": "CWE-787",
            "source": "cvd@cert.pl",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.0105
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-42250",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-42250",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://cert.pl/en/posts/2026/05/CVE-2026-42250/",
            "https://inbox.sourceware.org/bzip2-devel/20260528145407.293768-1-mark@klomp.org/",
            "https://sourceware.org/bzip2/",
            "https://sourceware.org/cgit/bzip2/commit/?id=35d122a3df8b0cc4082a4d89fdc6ee99f375fe67"
          ],
          "description": "bzip2 contains an off‑by‑one error in the bzip2recover utility. When processing a specially crafted file, the application performs an out‑of‑bounds write to a global buffer, resulting in memory corruption and a crash (denial of service).\n\nThis issue was fixed in bzip2 patch 35d122a3df8b0cc4082a4d89fdc6ee99f375fe67",
          "cvss": [
            {
              "source": "cvd@cert.pl",
              "type": "Secondary",
              "version": "4.0",
              "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
              "metrics": {
                "baseScore": 4.8
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-42250",
              "epss": 0.00021,
              "percentile": 0.06139,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-42250",
              "cwe": "CWE-787",
              "source": "cvd@cert.pl",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "bzip2",
              "version": "1.0.8-25.el10"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-42250",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "89e3fd877ef33338",
        "name": "bzip2-libs",
        "version": "1.0.8-25.el10",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "BSD-4-Clause"
        ],
        "cpes": [
          "cpe:2.3:a:bzip2-libs:bzip2-libs:1.0.8-25.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:bzip2-libs:bzip2_libs:1.0.8-25.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:bzip2_libs:bzip2-libs:1.0.8-25.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:bzip2_libs:bzip2_libs:1.0.8-25.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:bzip2-libs:1.0.8-25.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:bzip2_libs:1.0.8-25.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:bzip2:bzip2-libs:1.0.8-25.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:bzip2:bzip2_libs:1.0.8-25.el10:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/bzip2-libs@1.0.8-25.el10?arch=x86_64&distro=rhel-10.2&upstream=bzip2-1.0.8-25.el10.src.rpm",
        "upstreams": [
          {
            "name": "bzip2",
            "version": "1.0.8-25.el10"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-14524",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14524",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was found in curl. When an OAuth2 (Open Authorization) bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a different scheme like IMAP, LDAP, POP3, or SMTP, curl might incorrectly pass the bearer token to the new target host. This could lead to information disclosure, where sensitive authentication tokens are exposed to unintended recipients.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "metrics": {
              "baseScore": 6.5,
              "exploitabilityScore": 2.9,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-14524",
            "epss": 0.00022,
            "percentile": 0.06581,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-14524",
            "cwe": "CWE-601",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.01045
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-14524",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14524",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://curl.se/docs/CVE-2025-14524.html",
            "https://curl.se/docs/CVE-2025-14524.json",
            "https://hackerone.com/reports/3459417",
            "http://www.openwall.com/lists/oss-security/2026/01/07/4"
          ],
          "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a cross-protocol redirect to a second URL that uses an IMAP, LDAP,\nPOP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new\ntarget host.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 1.7,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-14524",
              "epss": 0.00022,
              "percentile": 0.06581,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-14524",
              "cwe": "CWE-601",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "curl",
              "version": "0:8.12.1-4.el10"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-14524",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "134f672de8a7541b",
        "name": "curl",
        "version": "8.12.1-4.el10",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "curl"
        ],
        "cpes": [
          "cpe:2.3:a:redhat:curl:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:curl:curl:8.12.1-4.el10:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/curl@8.12.1-4.el10?arch=x86_64&distro=rhel-10.2&upstream=curl-8.12.1-4.el10.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-14524",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14524",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was found in curl. When an OAuth2 (Open Authorization) bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a different scheme like IMAP, LDAP, POP3, or SMTP, curl might incorrectly pass the bearer token to the new target host. This could lead to information disclosure, where sensitive authentication tokens are exposed to unintended recipients.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "metrics": {
              "baseScore": 6.5,
              "exploitabilityScore": 2.9,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-14524",
            "epss": 0.00022,
            "percentile": 0.06581,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-14524",
            "cwe": "CWE-601",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.01045
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-14524",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14524",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://curl.se/docs/CVE-2025-14524.html",
            "https://curl.se/docs/CVE-2025-14524.json",
            "https://hackerone.com/reports/3459417",
            "http://www.openwall.com/lists/oss-security/2026/01/07/4"
          ],
          "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a cross-protocol redirect to a second URL that uses an IMAP, LDAP,\nPOP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new\ntarget host.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 1.7,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-14524",
              "epss": 0.00022,
              "percentile": 0.06581,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-14524",
              "cwe": "CWE-601",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "curl",
              "version": "8.12.1-4.el10"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-14524",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "e0443590b9f5633b",
        "name": "libcurl-minimal",
        "version": "8.12.1-4.el10",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "curl"
        ],
        "cpes": [
          "cpe:2.3:a:libcurl-minimal:libcurl-minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl-minimal:libcurl_minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl_minimal:libcurl-minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl_minimal:libcurl_minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl:libcurl-minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl:libcurl_minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libcurl-minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libcurl_minimal:8.12.1-4.el10:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/libcurl-minimal@8.12.1-4.el10?arch=x86_64&distro=rhel-10.2&upstream=curl-8.12.1-4.el10.src.rpm",
        "upstreams": [
          {
            "name": "curl",
            "version": "8.12.1-4.el10"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-1489",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1489",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
            "metrics": {
              "baseScore": 5.4,
              "exploitabilityScore": 2.9,
              "impactScore": 2.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-1489",
            "epss": 0.0002,
            "percentile": 0.05728,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-1489",
            "cwe": "CWE-787",
            "source": "secalert@redhat.com",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.010400000000000001
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-1489",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1489",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://access.redhat.com/security/cve/CVE-2026-1489",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2433348",
            "https://gitlab.gnome.org/GNOME/glib/-/issues/3872",
            "https://cert-portal.siemens.com/productcert/html/ssa-253495.html"
          ],
          "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.",
          "cvss": [
            {
              "source": "secalert@redhat.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
              "metrics": {
                "baseScore": 5.4,
                "exploitabilityScore": 2.9,
                "impactScore": 2.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-1489",
              "epss": 0.0002,
              "percentile": 0.05728,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-1489",
              "cwe": "CWE-787",
              "source": "secalert@redhat.com",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "glib2",
              "version": "0:2.80.4-12.el10_2.13"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-1489",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "37bb1f6df7e16bb3",
        "name": "glib2",
        "version": "2.80.4-12.el10_2.13",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "LGPL-2.1-or-later"
        ],
        "cpes": [
          "cpe:2.3:a:redhat:glib2:2.80.4-12.el10_2.13:*:*:*:*:*:*:*",
          "cpe:2.3:a:glib2:glib2:2.80.4-12.el10_2.13:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/glib2@2.80.4-12.el10_2.13?arch=x86_64&distro=rhel-10.2&upstream=glib2-2.80.4-12.el10_2.13.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-0988",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "metrics": {
              "baseScore": 3.7,
              "exploitabilityScore": 2.3,
              "impactScore": 1.5
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-0988",
            "epss": 0.00029,
            "percentile": 0.08723,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-0988",
            "cwe": "CWE-190",
            "source": "secalert@redhat.com",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.009715
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-0988",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988",
          "namespace": "nvd:cpe",
          "severity": "Low",
          "urls": [
            "https://access.redhat.com/errata/RHSA-2026:7461",
            "https://access.redhat.com/security/cve/CVE-2026-0988",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2429886",
            "https://gitlab.gnome.org/GNOME/glib/-/issues/3851"
          ],
          "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).",
          "cvss": [
            {
              "source": "secalert@redhat.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "metrics": {
                "baseScore": 3.7,
                "exploitabilityScore": 2.3,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-0988",
              "epss": 0.00029,
              "percentile": 0.08723,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-0988",
              "cwe": "CWE-190",
              "source": "secalert@redhat.com",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "glib2",
              "version": "0:2.80.4-12.el10_2.13"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-0988",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "37bb1f6df7e16bb3",
        "name": "glib2",
        "version": "2.80.4-12.el10_2.13",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "LGPL-2.1-or-later"
        ],
        "cpes": [
          "cpe:2.3:a:redhat:glib2:2.80.4-12.el10_2.13:*:*:*:*:*:*:*",
          "cpe:2.3:a:glib2:glib2:2.80.4-12.el10_2.13:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/glib2@2.80.4-12.el10_2.13?arch=x86_64&distro=rhel-10.2&upstream=glib2-2.80.4-12.el10_2.13.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-6170",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "metrics": {
              "baseScore": 2.5,
              "exploitabilityScore": 1.1,
              "impactScore": 1.5
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-6170",
            "epss": 0.00035,
            "percentile": 0.10698,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-6170",
            "cwe": "CWE-121",
            "source": "secalert@redhat.com",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.009625000000000002
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-6170",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170",
          "namespace": "nvd:cpe",
          "severity": "Low",
          "urls": [
            "https://access.redhat.com/errata/RHSA-2026:7519",
            "https://access.redhat.com/security/cve/CVE-2025-6170",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2372952",
            "https://gitlab.gnome.org/GNOME/libxml2/-/issues/941",
            "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html",
            "https://cert-portal.siemens.com/productcert/html/ssa-253495.html"
          ],
          "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
              "metrics": {
                "baseScore": 2.5,
                "exploitabilityScore": 1.1,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            },
            {
              "source": "secalert@redhat.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
              "metrics": {
                "baseScore": 2.5,
                "exploitabilityScore": 1.1,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-6170",
              "epss": 0.00035,
              "percentile": 0.10698,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-6170",
              "cwe": "CWE-121",
              "source": "secalert@redhat.com",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "libxml2",
              "version": "0:2.12.5-10.el10"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-6170",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "fd8a4e4169e6e582",
        "name": "libxml2",
        "version": "2.12.5-10.el10",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "MIT AND ISC-Veillard AND W3C"
        ],
        "cpes": [
          "cpe:2.3:a:libxml2:libxml2:2.12.5-10.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libxml2:2.12.5-10.el10:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/libxml2@2.12.5-10.el10?arch=x86_64&distro=rhel-10.2&upstream=libxml2-2.12.5-10.el10.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-27456",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-27456",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in util-linux. When an /etc/fstab entry is configured with the user,loop options, the `mount` program checks the file path with user permissions but later opens it with root privileges. This creates a brief Time-of-Check-Time-of-Use (TOCTOU) window where an attacker can substitute the intended file with a malicious symbolic link. This allows a local unprivileged user to mount any root-owned file or block device that contains a valid filesystem, gaining full read access to its contents.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "metrics": {
              "baseScore": 4.7,
              "exploitabilityScore": 1.1,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-27456",
            "epss": 0.00019,
            "percentile": 0.05248,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-27456",
            "cwe": "CWE-59",
            "source": "security-advisories@github.com",
            "type": "Secondary"
          },
          {
            "cve": "CVE-2026-27456",
            "cwe": "CWE-269",
            "source": "security-advisories@github.com",
            "type": "Secondary"
          },
          {
            "cve": "CVE-2026-27456",
            "cwe": "CWE-367",
            "source": "security-advisories@github.com",
            "type": "Secondary"
          },
          {
            "cve": "CVE-2026-27456",
            "cwe": "CWE-367",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.009215000000000001
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-27456",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-27456",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4",
            "https://github.com/util-linux/util-linux/releases/tag/v2.41.4",
            "https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g"
          ],
          "description": "util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.",
          "cvss": [
            {
              "source": "security-advisories@github.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
              "metrics": {
                "baseScore": 4.7,
                "exploitabilityScore": 1.1,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-27456",
              "epss": 0.00019,
              "percentile": 0.05248,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-27456",
              "cwe": "CWE-59",
              "source": "security-advisories@github.com",
              "type": "Secondary"
            },
            {
              "cve": "CVE-2026-27456",
              "cwe": "CWE-269",
              "source": "security-advisories@github.com",
              "type": "Secondary"
            },
            {
              "cve": "CVE-2026-27456",
              "cwe": "CWE-367",
              "source": "security-advisories@github.com",
              "type": "Secondary"
            },
            {
              "cve": "CVE-2026-27456",
              "cwe": "CWE-367",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "util-linux",
              "version": "2.40.2-18.el10"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-27456",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "b290ec75159ba5f8",
        "name": "libblkid",
        "version": "2.40.2-18.el10",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "LGPL-2.1-or-later"
        ],
        "cpes": [
          "cpe:2.3:a:libblkid:libblkid:2.40.2-18.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libblkid:2.40.2-18.el10:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/libblkid@2.40.2-18.el10?arch=x86_64&distro=rhel-10.2&upstream=util-linux-2.40.2-18.el10.src.rpm",
        "upstreams": [
          {
            "name": "util-linux",
            "version": "2.40.2-18.el10"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-27456",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-27456",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in util-linux. When an /etc/fstab entry is configured with the user,loop options, the `mount` program checks the file path with user permissions but later opens it with root privileges. This creates a brief Time-of-Check-Time-of-Use (TOCTOU) window where an attacker can substitute the intended file with a malicious symbolic link. This allows a local unprivileged user to mount any root-owned file or block device that contains a valid filesystem, gaining full read access to its contents.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "metrics": {
              "baseScore": 4.7,
              "exploitabilityScore": 1.1,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-27456",
            "epss": 0.00019,
            "percentile": 0.05248,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-27456",
            "cwe": "CWE-59",
            "source": "security-advisories@github.com",
            "type": "Secondary"
          },
          {
            "cve": "CVE-2026-27456",
            "cwe": "CWE-269",
            "source": "security-advisories@github.com",
            "type": "Secondary"
          },
          {
            "cve": "CVE-2026-27456",
            "cwe": "CWE-367",
            "source": "security-advisories@github.com",
            "type": "Secondary"
          },
          {
            "cve": "CVE-2026-27456",
            "cwe": "CWE-367",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.009215000000000001
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-27456",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-27456",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4",
            "https://github.com/util-linux/util-linux/releases/tag/v2.41.4",
            "https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g"
          ],
          "description": "util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.",
          "cvss": [
            {
              "source": "security-advisories@github.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
              "metrics": {
                "baseScore": 4.7,
                "exploitabilityScore": 1.1,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-27456",
              "epss": 0.00019,
              "percentile": 0.05248,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-27456",
              "cwe": "CWE-59",
              "source": "security-advisories@github.com",
              "type": "Secondary"
            },
            {
              "cve": "CVE-2026-27456",
              "cwe": "CWE-269",
              "source": "security-advisories@github.com",
              "type": "Secondary"
            },
            {
              "cve": "CVE-2026-27456",
              "cwe": "CWE-367",
              "source": "security-advisories@github.com",
              "type": "Secondary"
            },
            {
              "cve": "CVE-2026-27456",
              "cwe": "CWE-367",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "util-linux",
              "version": "2.40.2-18.el10"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-27456",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "cc5c9d135186707b",
        "name": "libfdisk",
        "version": "2.40.2-18.el10",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "LGPL-2.1-or-later"
        ],
        "cpes": [
          "cpe:2.3:a:libfdisk:libfdisk:2.40.2-18.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libfdisk:2.40.2-18.el10:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/libfdisk@2.40.2-18.el10?arch=x86_64&distro=rhel-10.2&upstream=util-linux-2.40.2-18.el10.src.rpm",
        "upstreams": [
          {
            "name": "util-linux",
            "version": "2.40.2-18.el10"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-27456",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-27456",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in util-linux. When an /etc/fstab entry is configured with the user,loop options, the `mount` program checks the file path with user permissions but later opens it with root privileges. This creates a brief Time-of-Check-Time-of-Use (TOCTOU) window where an attacker can substitute the intended file with a malicious symbolic link. This allows a local unprivileged user to mount any root-owned file or block device that contains a valid filesystem, gaining full read access to its contents.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "metrics": {
              "baseScore": 4.7,
              "exploitabilityScore": 1.1,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-27456",
            "epss": 0.00019,
            "percentile": 0.05248,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-27456",
            "cwe": "CWE-59",
            "source": "security-advisories@github.com",
            "type": "Secondary"
          },
          {
            "cve": "CVE-2026-27456",
            "cwe": "CWE-269",
            "source": "security-advisories@github.com",
            "type": "Secondary"
          },
          {
            "cve": "CVE-2026-27456",
            "cwe": "CWE-367",
            "source": "security-advisories@github.com",
            "type": "Secondary"
          },
          {
            "cve": "CVE-2026-27456",
            "cwe": "CWE-367",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.009215000000000001
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-27456",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-27456",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4",
            "https://github.com/util-linux/util-linux/releases/tag/v2.41.4",
            "https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g"
          ],
          "description": "util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.",
          "cvss": [
            {
              "source": "security-advisories@github.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
              "metrics": {
                "baseScore": 4.7,
                "exploitabilityScore": 1.1,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-27456",
              "epss": 0.00019,
              "percentile": 0.05248,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-27456",
              "cwe": "CWE-59",
              "source": "security-advisories@github.com",
              "type": "Secondary"
            },
            {
              "cve": "CVE-2026-27456",
              "cwe": "CWE-269",
              "source": "security-advisories@github.com",
              "type": "Secondary"
            },
            {
              "cve": "CVE-2026-27456",
              "cwe": "CWE-367",
              "source": "security-advisories@github.com",
              "type": "Secondary"
            },
            {
              "cve": "CVE-2026-27456",
              "cwe": "CWE-367",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "util-linux",
              "version": "2.40.2-18.el10"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-27456",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "1130e39b5d35f320",
        "name": "libmount",
        "version": "2.40.2-18.el10",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "LGPL-2.1-or-later"
        ],
        "cpes": [
          "cpe:2.3:a:libmount:libmount:2.40.2-18.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libmount:2.40.2-18.el10:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/libmount@2.40.2-18.el10?arch=x86_64&distro=rhel-10.2&upstream=util-linux-2.40.2-18.el10.src.rpm",
        "upstreams": [
          {
            "name": "util-linux",
            "version": "2.40.2-18.el10"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-27456",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-27456",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in util-linux. When an /etc/fstab entry is configured with the user,loop options, the `mount` program checks the file path with user permissions but later opens it with root privileges. This creates a brief Time-of-Check-Time-of-Use (TOCTOU) window where an attacker can substitute the intended file with a malicious symbolic link. This allows a local unprivileged user to mount any root-owned file or block device that contains a valid filesystem, gaining full read access to its contents.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "metrics": {
              "baseScore": 4.7,
              "exploitabilityScore": 1.1,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-27456",
            "epss": 0.00019,
            "percentile": 0.05248,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-27456",
            "cwe": "CWE-59",
            "source": "security-advisories@github.com",
            "type": "Secondary"
          },
          {
            "cve": "CVE-2026-27456",
            "cwe": "CWE-269",
            "source": "security-advisories@github.com",
            "type": "Secondary"
          },
          {
            "cve": "CVE-2026-27456",
            "cwe": "CWE-367",
            "source": "security-advisories@github.com",
            "type": "Secondary"
          },
          {
            "cve": "CVE-2026-27456",
            "cwe": "CWE-367",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.009215000000000001
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-27456",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-27456",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4",
            "https://github.com/util-linux/util-linux/releases/tag/v2.41.4",
            "https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g"
          ],
          "description": "util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.",
          "cvss": [
            {
              "source": "security-advisories@github.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
              "metrics": {
                "baseScore": 4.7,
                "exploitabilityScore": 1.1,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-27456",
              "epss": 0.00019,
              "percentile": 0.05248,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-27456",
              "cwe": "CWE-59",
              "source": "security-advisories@github.com",
              "type": "Secondary"
            },
            {
              "cve": "CVE-2026-27456",
              "cwe": "CWE-269",
              "source": "security-advisories@github.com",
              "type": "Secondary"
            },
            {
              "cve": "CVE-2026-27456",
              "cwe": "CWE-367",
              "source": "security-advisories@github.com",
              "type": "Secondary"
            },
            {
              "cve": "CVE-2026-27456",
              "cwe": "CWE-367",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "util-linux",
              "version": "2.40.2-18.el10"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-27456",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "642d535aed527a39",
        "name": "libsmartcols",
        "version": "2.40.2-18.el10",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "LGPL-2.1-or-later"
        ],
        "cpes": [
          "cpe:2.3:a:libsmartcols:libsmartcols:2.40.2-18.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libsmartcols:2.40.2-18.el10:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/libsmartcols@2.40.2-18.el10?arch=x86_64&distro=rhel-10.2&upstream=util-linux-2.40.2-18.el10.src.rpm",
        "upstreams": [
          {
            "name": "util-linux",
            "version": "2.40.2-18.el10"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-27456",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-27456",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in util-linux. When an /etc/fstab entry is configured with the user,loop options, the `mount` program checks the file path with user permissions but later opens it with root privileges. This creates a brief Time-of-Check-Time-of-Use (TOCTOU) window where an attacker can substitute the intended file with a malicious symbolic link. This allows a local unprivileged user to mount any root-owned file or block device that contains a valid filesystem, gaining full read access to its contents.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "metrics": {
              "baseScore": 4.7,
              "exploitabilityScore": 1.1,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-27456",
            "epss": 0.00019,
            "percentile": 0.05248,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-27456",
            "cwe": "CWE-59",
            "source": "security-advisories@github.com",
            "type": "Secondary"
          },
          {
            "cve": "CVE-2026-27456",
            "cwe": "CWE-269",
            "source": "security-advisories@github.com",
            "type": "Secondary"
          },
          {
            "cve": "CVE-2026-27456",
            "cwe": "CWE-367",
            "source": "security-advisories@github.com",
            "type": "Secondary"
          },
          {
            "cve": "CVE-2026-27456",
            "cwe": "CWE-367",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.009215000000000001
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-27456",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-27456",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4",
            "https://github.com/util-linux/util-linux/releases/tag/v2.41.4",
            "https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g"
          ],
          "description": "util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.",
          "cvss": [
            {
              "source": "security-advisories@github.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
              "metrics": {
                "baseScore": 4.7,
                "exploitabilityScore": 1.1,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-27456",
              "epss": 0.00019,
              "percentile": 0.05248,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-27456",
              "cwe": "CWE-59",
              "source": "security-advisories@github.com",
              "type": "Secondary"
            },
            {
              "cve": "CVE-2026-27456",
              "cwe": "CWE-269",
              "source": "security-advisories@github.com",
              "type": "Secondary"
            },
            {
              "cve": "CVE-2026-27456",
              "cwe": "CWE-367",
              "source": "security-advisories@github.com",
              "type": "Secondary"
            },
            {
              "cve": "CVE-2026-27456",
              "cwe": "CWE-367",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "util-linux",
              "version": "2.40.2-18.el10"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-27456",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "6a1cd37b836171b9",
        "name": "libuuid",
        "version": "2.40.2-18.el10",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "BSD-3-Clause"
        ],
        "cpes": [
          "cpe:2.3:a:libuuid:libuuid:2.40.2-18.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libuuid:2.40.2-18.el10:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/libuuid@2.40.2-18.el10?arch=x86_64&distro=rhel-10.2&upstream=util-linux-2.40.2-18.el10.src.rpm",
        "upstreams": [
          {
            "name": "util-linux",
            "version": "2.40.2-18.el10"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-27456",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-27456",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in util-linux. When an /etc/fstab entry is configured with the user,loop options, the `mount` program checks the file path with user permissions but later opens it with root privileges. This creates a brief Time-of-Check-Time-of-Use (TOCTOU) window where an attacker can substitute the intended file with a malicious symbolic link. This allows a local unprivileged user to mount any root-owned file or block device that contains a valid filesystem, gaining full read access to its contents.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "metrics": {
              "baseScore": 4.7,
              "exploitabilityScore": 1.1,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-27456",
            "epss": 0.00019,
            "percentile": 0.05248,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-27456",
            "cwe": "CWE-59",
            "source": "security-advisories@github.com",
            "type": "Secondary"
          },
          {
            "cve": "CVE-2026-27456",
            "cwe": "CWE-269",
            "source": "security-advisories@github.com",
            "type": "Secondary"
          },
          {
            "cve": "CVE-2026-27456",
            "cwe": "CWE-367",
            "source": "security-advisories@github.com",
            "type": "Secondary"
          },
          {
            "cve": "CVE-2026-27456",
            "cwe": "CWE-367",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.009215000000000001
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-27456",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-27456",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4",
            "https://github.com/util-linux/util-linux/releases/tag/v2.41.4",
            "https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g"
          ],
          "description": "util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.",
          "cvss": [
            {
              "source": "security-advisories@github.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
              "metrics": {
                "baseScore": 4.7,
                "exploitabilityScore": 1.1,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-27456",
              "epss": 0.00019,
              "percentile": 0.05248,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-27456",
              "cwe": "CWE-59",
              "source": "security-advisories@github.com",
              "type": "Secondary"
            },
            {
              "cve": "CVE-2026-27456",
              "cwe": "CWE-269",
              "source": "security-advisories@github.com",
              "type": "Secondary"
            },
            {
              "cve": "CVE-2026-27456",
              "cwe": "CWE-367",
              "source": "security-advisories@github.com",
              "type": "Secondary"
            },
            {
              "cve": "CVE-2026-27456",
              "cwe": "CWE-367",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "util-linux",
              "version": "0:2.40.2-18.el10"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-27456",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "ce949131261e7b08",
        "name": "util-linux",
        "version": "2.40.2-18.el10",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "GPL-1.0-or-later AND GPL-2.0-only AND GPL-2.0-or-later AND GPL-3.0-or-later AND LGPL-2.1-or-later AND EUPL-1.2 AND BSD-2-Clause AND BSD-3-Clause AND BSD-4-Clause-UC AND LicenseRef-Fedora-Public-Domain"
        ],
        "cpes": [
          "cpe:2.3:a:util-linux:util-linux:2.40.2-18.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:util-linux:util_linux:2.40.2-18.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:util_linux:util-linux:2.40.2-18.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:util_linux:util_linux:2.40.2-18.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:util-linux:2.40.2-18.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:util_linux:2.40.2-18.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:util:util-linux:2.40.2-18.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:util:util_linux:2.40.2-18.el10:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/util-linux@2.40.2-18.el10?arch=x86_64&distro=rhel-10.2&upstream=util-linux-2.40.2-18.el10.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-27456",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-27456",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in util-linux. When an /etc/fstab entry is configured with the user,loop options, the `mount` program checks the file path with user permissions but later opens it with root privileges. This creates a brief Time-of-Check-Time-of-Use (TOCTOU) window where an attacker can substitute the intended file with a malicious symbolic link. This allows a local unprivileged user to mount any root-owned file or block device that contains a valid filesystem, gaining full read access to its contents.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "metrics": {
              "baseScore": 4.7,
              "exploitabilityScore": 1.1,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-27456",
            "epss": 0.00019,
            "percentile": 0.05248,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-27456",
            "cwe": "CWE-59",
            "source": "security-advisories@github.com",
            "type": "Secondary"
          },
          {
            "cve": "CVE-2026-27456",
            "cwe": "CWE-269",
            "source": "security-advisories@github.com",
            "type": "Secondary"
          },
          {
            "cve": "CVE-2026-27456",
            "cwe": "CWE-367",
            "source": "security-advisories@github.com",
            "type": "Secondary"
          },
          {
            "cve": "CVE-2026-27456",
            "cwe": "CWE-367",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.009215000000000001
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-27456",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-27456",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4",
            "https://github.com/util-linux/util-linux/releases/tag/v2.41.4",
            "https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g"
          ],
          "description": "util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.",
          "cvss": [
            {
              "source": "security-advisories@github.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
              "metrics": {
                "baseScore": 4.7,
                "exploitabilityScore": 1.1,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-27456",
              "epss": 0.00019,
              "percentile": 0.05248,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-27456",
              "cwe": "CWE-59",
              "source": "security-advisories@github.com",
              "type": "Secondary"
            },
            {
              "cve": "CVE-2026-27456",
              "cwe": "CWE-269",
              "source": "security-advisories@github.com",
              "type": "Secondary"
            },
            {
              "cve": "CVE-2026-27456",
              "cwe": "CWE-367",
              "source": "security-advisories@github.com",
              "type": "Secondary"
            },
            {
              "cve": "CVE-2026-27456",
              "cwe": "CWE-367",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "util-linux",
              "version": "2.40.2-18.el10"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-27456",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "590f2b2212c69fab",
        "name": "util-linux-core",
        "version": "2.40.2-18.el10",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "GPL-2.0-only AND GPL-2.0-or-later AND BSD-2-Clause AND BSD-3-Clause AND BSD-4-Clause-UC AND LicenseRef-Fedora-Public-Domain"
        ],
        "cpes": [
          "cpe:2.3:a:util-linux-core:util-linux-core:2.40.2-18.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:util-linux-core:util_linux_core:2.40.2-18.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:util_linux_core:util-linux-core:2.40.2-18.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:util_linux_core:util_linux_core:2.40.2-18.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:util-linux:util-linux-core:2.40.2-18.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:util-linux:util_linux_core:2.40.2-18.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:util_linux:util-linux-core:2.40.2-18.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:util_linux:util_linux_core:2.40.2-18.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:util-linux-core:2.40.2-18.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:util_linux_core:2.40.2-18.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:util:util-linux-core:2.40.2-18.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:util:util_linux_core:2.40.2-18.el10:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/util-linux-core@2.40.2-18.el10?arch=x86_64&distro=rhel-10.2&upstream=util-linux-2.40.2-18.el10.src.rpm",
        "upstreams": [
          {
            "name": "util-linux",
            "version": "2.40.2-18.el10"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-48864",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-48864",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in libsolv. This heap buffer overflow occurs during the decompression of attacker-controlled compressed data within `.solv` files due to insufficient input validation. An attacker can provide a specially crafted `.solv` file, which, when processed by a vulnerable application, can lead to out-of-bounds memory access. This could result in information disclosure, alteration of program execution, or a denial of service.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "metrics": {
              "baseScore": 7.8,
              "exploitabilityScore": 1.9,
              "impactScore": 5.9
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-48864",
            "epss": 0.00014,
            "percentile": 0.02572,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-48864",
            "cwe": "CWE-787",
            "source": "secalert@redhat.com",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.00896
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-48864",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-48864",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://access.redhat.com/errata/RHSA-2026:21333",
            "https://access.redhat.com/security/cve/CVE-2026-48864",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2460425"
          ],
          "description": "A flaw was found in libsolv. This heap buffer overflow occurs during the decompression of attacker-controlled compressed data within `.solv` files due to insufficient input validation. An attacker can provide a specially crafted `.solv` file, which, when processed by a vulnerable application, can lead to out-of-bounds memory access. This could result in information disclosure, alteration of program execution, or a denial of service.",
          "cvss": [
            {
              "source": "secalert@redhat.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "metrics": {
                "baseScore": 7.8,
                "exploitabilityScore": 1.9,
                "impactScore": 5.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-48864",
              "epss": 0.00014,
              "percentile": 0.02572,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-48864",
              "cwe": "CWE-787",
              "source": "secalert@redhat.com",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "libsolv",
              "version": "0:0.7.33-2.el10"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-48864",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "05573771473cf808",
        "name": "libsolv",
        "version": "0.7.33-2.el10",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "BSD-3-Clause"
        ],
        "cpes": [
          "cpe:2.3:a:libsolv:libsolv:0.7.33-2.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libsolv:0.7.33-2.el10:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/libsolv@0.7.33-2.el10?arch=x86_64&distro=rhel-10.2&upstream=libsolv-0.7.33-2.el10.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-1484",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1484",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L",
            "metrics": {
              "baseScore": 4.2,
              "exploitabilityScore": 1.7,
              "impactScore": 2.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-1484",
            "epss": 0.00019,
            "percentile": 0.05432,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-1484",
            "cwe": "CWE-787",
            "source": "secalert@redhat.com",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.008740000000000001
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-1484",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1484",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://access.redhat.com/security/cve/CVE-2026-1484",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2433259",
            "https://gitlab.gnome.org/GNOME/glib/-/issues/3870",
            "https://cert-portal.siemens.com/productcert/html/ssa-253495.html"
          ],
          "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.",
          "cvss": [
            {
              "source": "secalert@redhat.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L",
              "metrics": {
                "baseScore": 4.2,
                "exploitabilityScore": 1.7,
                "impactScore": 2.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-1484",
              "epss": 0.00019,
              "percentile": 0.05432,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-1484",
              "cwe": "CWE-787",
              "source": "secalert@redhat.com",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "glib2",
              "version": "0:2.80.4-12.el10_2.13"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-1484",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "37bb1f6df7e16bb3",
        "name": "glib2",
        "version": "2.80.4-12.el10_2.13",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "LGPL-2.1-or-later"
        ],
        "cpes": [
          "cpe:2.3:a:redhat:glib2:2.80.4-12.el10_2.13:*:*:*:*:*:*:*",
          "cpe:2.3:a:glib2:glib2:2.80.4-12.el10_2.13:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/glib2@2.80.4-12.el10_2.13?arch=x86_64&distro=rhel-10.2&upstream=glib2-2.80.4-12.el10_2.13.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-1371",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1371",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was found in GNU elfutils. This vulnerability allows a NULL pointer dereference via the handle_dynamic_symtab function in readelf.c.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "metrics": {
              "baseScore": 3.3,
              "exploitabilityScore": 1.9,
              "impactScore": 1.5
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-1371",
            "epss": 0.00026,
            "percentile": 0.07737,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-1371",
            "cwe": "CWE-404",
            "source": "cna@vuldb.com",
            "type": "Secondary"
          },
          {
            "cve": "CVE-2025-1371",
            "cwe": "CWE-476",
            "source": "cna@vuldb.com",
            "type": "Secondary"
          },
          {
            "cve": "CVE-2025-1371",
            "cwe": "CWE-476",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.00819
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-1371",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1371",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://sourceware.org/bugzilla/attachment.cgi?id=15926",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=32655",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=32655#c2",
            "https://vuldb.com/?ctiid.295978",
            "https://vuldb.com/?id.295978",
            "https://vuldb.com/?submit.496484",
            "https://www.gnu.org/"
          ],
          "description": "A vulnerability has been found in GNU elfutils 0.192 and classified as problematic. This vulnerability affects the function handle_dynamic_symtab of the file readelf.c of the component eu-read. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The patch is identified as b38e562a4c907e08171c76b8b2def8464d5a104a. It is recommended to apply a patch to fix this issue.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 5.5,
                "exploitabilityScore": 1.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "cna@vuldb.com",
              "type": "Secondary",
              "version": "4.0",
              "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
              "metrics": {
                "baseScore": 4.8
              },
              "vendorMetadata": {}
            },
            {
              "source": "cna@vuldb.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "metrics": {
                "baseScore": 3.3,
                "exploitabilityScore": 1.9,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            },
            {
              "source": "cna@vuldb.com",
              "type": "Secondary",
              "version": "2.0",
              "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P",
              "metrics": {
                "baseScore": 1.7,
                "exploitabilityScore": 3.2,
                "impactScore": 2.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-1371",
              "epss": 0.00026,
              "percentile": 0.07737,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-1371",
              "cwe": "CWE-404",
              "source": "cna@vuldb.com",
              "type": "Secondary"
            },
            {
              "cve": "CVE-2025-1371",
              "cwe": "CWE-476",
              "source": "cna@vuldb.com",
              "type": "Secondary"
            },
            {
              "cve": "CVE-2025-1371",
              "cwe": "CWE-476",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "elfutils",
              "version": "0.194-2.el10_2"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-1371",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "039e6208aa0e25c7",
        "name": "elfutils-debuginfod-client",
        "version": "0.194-2.el10_2",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "GPL-3.0-or-later AND (GPL-2.0-or-later OR LGPL-3.0-or-later)"
        ],
        "cpes": [
          "cpe:2.3:a:elfutils-debuginfod-client:elfutils-debuginfod-client:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:elfutils-debuginfod-client:elfutils_debuginfod_client:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:elfutils_debuginfod_client:elfutils-debuginfod-client:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:elfutils_debuginfod_client:elfutils_debuginfod_client:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:elfutils-debuginfod:elfutils-debuginfod-client:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:elfutils-debuginfod:elfutils_debuginfod_client:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:elfutils_debuginfod:elfutils-debuginfod-client:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:elfutils_debuginfod:elfutils_debuginfod_client:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:elfutils:elfutils-debuginfod-client:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:elfutils:elfutils_debuginfod_client:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:elfutils-debuginfod-client:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:elfutils_debuginfod_client:0.194-2.el10_2:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/elfutils-debuginfod-client@0.194-2.el10_2?arch=x86_64&distro=rhel-10.2&upstream=elfutils-0.194-2.el10_2.src.rpm",
        "upstreams": [
          {
            "name": "elfutils",
            "version": "0.194-2.el10_2"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-1371",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1371",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was found in GNU elfutils. This vulnerability allows a NULL pointer dereference via the handle_dynamic_symtab function in readelf.c.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "metrics": {
              "baseScore": 3.3,
              "exploitabilityScore": 1.9,
              "impactScore": 1.5
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-1371",
            "epss": 0.00026,
            "percentile": 0.07737,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-1371",
            "cwe": "CWE-404",
            "source": "cna@vuldb.com",
            "type": "Secondary"
          },
          {
            "cve": "CVE-2025-1371",
            "cwe": "CWE-476",
            "source": "cna@vuldb.com",
            "type": "Secondary"
          },
          {
            "cve": "CVE-2025-1371",
            "cwe": "CWE-476",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.00819
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-1371",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1371",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://sourceware.org/bugzilla/attachment.cgi?id=15926",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=32655",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=32655#c2",
            "https://vuldb.com/?ctiid.295978",
            "https://vuldb.com/?id.295978",
            "https://vuldb.com/?submit.496484",
            "https://www.gnu.org/"
          ],
          "description": "A vulnerability has been found in GNU elfutils 0.192 and classified as problematic. This vulnerability affects the function handle_dynamic_symtab of the file readelf.c of the component eu-read. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The patch is identified as b38e562a4c907e08171c76b8b2def8464d5a104a. It is recommended to apply a patch to fix this issue.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 5.5,
                "exploitabilityScore": 1.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "cna@vuldb.com",
              "type": "Secondary",
              "version": "4.0",
              "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
              "metrics": {
                "baseScore": 4.8
              },
              "vendorMetadata": {}
            },
            {
              "source": "cna@vuldb.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "metrics": {
                "baseScore": 3.3,
                "exploitabilityScore": 1.9,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            },
            {
              "source": "cna@vuldb.com",
              "type": "Secondary",
              "version": "2.0",
              "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P",
              "metrics": {
                "baseScore": 1.7,
                "exploitabilityScore": 3.2,
                "impactScore": 2.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-1371",
              "epss": 0.00026,
              "percentile": 0.07737,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-1371",
              "cwe": "CWE-404",
              "source": "cna@vuldb.com",
              "type": "Secondary"
            },
            {
              "cve": "CVE-2025-1371",
              "cwe": "CWE-476",
              "source": "cna@vuldb.com",
              "type": "Secondary"
            },
            {
              "cve": "CVE-2025-1371",
              "cwe": "CWE-476",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "elfutils",
              "version": "0.194-2.el10_2"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-1371",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "2e4e64248e55a61e",
        "name": "elfutils-default-yama-scope",
        "version": "0.194-2.el10_2",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "GPL-2.0-or-later OR LGPL-3.0-or-later"
        ],
        "cpes": [
          "cpe:2.3:a:elfutils-default-yama-scope:elfutils-default-yama-scope:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:elfutils-default-yama-scope:elfutils_default_yama_scope:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:elfutils_default_yama_scope:elfutils-default-yama-scope:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:elfutils_default_yama_scope:elfutils_default_yama_scope:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:elfutils-default-yama:elfutils-default-yama-scope:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:elfutils-default-yama:elfutils_default_yama_scope:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:elfutils_default_yama:elfutils-default-yama-scope:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:elfutils_default_yama:elfutils_default_yama_scope:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:elfutils-default:elfutils-default-yama-scope:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:elfutils-default:elfutils_default_yama_scope:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:elfutils_default:elfutils-default-yama-scope:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:elfutils_default:elfutils_default_yama_scope:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:elfutils:elfutils-default-yama-scope:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:elfutils:elfutils_default_yama_scope:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:elfutils-default-yama-scope:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:elfutils_default_yama_scope:0.194-2.el10_2:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/elfutils-default-yama-scope@0.194-2.el10_2?arch=noarch&distro=rhel-10.2&upstream=elfutils-0.194-2.el10_2.src.rpm",
        "upstreams": [
          {
            "name": "elfutils",
            "version": "0.194-2.el10_2"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-1371",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1371",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was found in GNU elfutils. This vulnerability allows a NULL pointer dereference via the handle_dynamic_symtab function in readelf.c.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "metrics": {
              "baseScore": 3.3,
              "exploitabilityScore": 1.9,
              "impactScore": 1.5
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-1371",
            "epss": 0.00026,
            "percentile": 0.07737,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-1371",
            "cwe": "CWE-404",
            "source": "cna@vuldb.com",
            "type": "Secondary"
          },
          {
            "cve": "CVE-2025-1371",
            "cwe": "CWE-476",
            "source": "cna@vuldb.com",
            "type": "Secondary"
          },
          {
            "cve": "CVE-2025-1371",
            "cwe": "CWE-476",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.00819
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-1371",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1371",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://sourceware.org/bugzilla/attachment.cgi?id=15926",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=32655",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=32655#c2",
            "https://vuldb.com/?ctiid.295978",
            "https://vuldb.com/?id.295978",
            "https://vuldb.com/?submit.496484",
            "https://www.gnu.org/"
          ],
          "description": "A vulnerability has been found in GNU elfutils 0.192 and classified as problematic. This vulnerability affects the function handle_dynamic_symtab of the file readelf.c of the component eu-read. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The patch is identified as b38e562a4c907e08171c76b8b2def8464d5a104a. It is recommended to apply a patch to fix this issue.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 5.5,
                "exploitabilityScore": 1.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "cna@vuldb.com",
              "type": "Secondary",
              "version": "4.0",
              "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
              "metrics": {
                "baseScore": 4.8
              },
              "vendorMetadata": {}
            },
            {
              "source": "cna@vuldb.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "metrics": {
                "baseScore": 3.3,
                "exploitabilityScore": 1.9,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            },
            {
              "source": "cna@vuldb.com",
              "type": "Secondary",
              "version": "2.0",
              "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P",
              "metrics": {
                "baseScore": 1.7,
                "exploitabilityScore": 3.2,
                "impactScore": 2.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-1371",
              "epss": 0.00026,
              "percentile": 0.07737,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-1371",
              "cwe": "CWE-404",
              "source": "cna@vuldb.com",
              "type": "Secondary"
            },
            {
              "cve": "CVE-2025-1371",
              "cwe": "CWE-476",
              "source": "cna@vuldb.com",
              "type": "Secondary"
            },
            {
              "cve": "CVE-2025-1371",
              "cwe": "CWE-476",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "elfutils",
              "version": "0.194-2.el10_2"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-1371",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "60665ebb92b5bd06",
        "name": "elfutils-libelf",
        "version": "0.194-2.el10_2",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "GPL-2.0-or-later OR LGPL-3.0-or-later"
        ],
        "cpes": [
          "cpe:2.3:a:elfutils-libelf:elfutils-libelf:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:elfutils-libelf:elfutils_libelf:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:elfutils_libelf:elfutils-libelf:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:elfutils_libelf:elfutils_libelf:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:elfutils:elfutils-libelf:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:elfutils:elfutils_libelf:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:elfutils-libelf:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:elfutils_libelf:0.194-2.el10_2:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/elfutils-libelf@0.194-2.el10_2?arch=x86_64&distro=rhel-10.2&upstream=elfutils-0.194-2.el10_2.src.rpm",
        "upstreams": [
          {
            "name": "elfutils",
            "version": "0.194-2.el10_2"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-1371",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1371",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was found in GNU elfutils. This vulnerability allows a NULL pointer dereference via the handle_dynamic_symtab function in readelf.c.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "metrics": {
              "baseScore": 3.3,
              "exploitabilityScore": 1.9,
              "impactScore": 1.5
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-1371",
            "epss": 0.00026,
            "percentile": 0.07737,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-1371",
            "cwe": "CWE-404",
            "source": "cna@vuldb.com",
            "type": "Secondary"
          },
          {
            "cve": "CVE-2025-1371",
            "cwe": "CWE-476",
            "source": "cna@vuldb.com",
            "type": "Secondary"
          },
          {
            "cve": "CVE-2025-1371",
            "cwe": "CWE-476",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.00819
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-1371",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1371",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://sourceware.org/bugzilla/attachment.cgi?id=15926",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=32655",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=32655#c2",
            "https://vuldb.com/?ctiid.295978",
            "https://vuldb.com/?id.295978",
            "https://vuldb.com/?submit.496484",
            "https://www.gnu.org/"
          ],
          "description": "A vulnerability has been found in GNU elfutils 0.192 and classified as problematic. This vulnerability affects the function handle_dynamic_symtab of the file readelf.c of the component eu-read. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The patch is identified as b38e562a4c907e08171c76b8b2def8464d5a104a. It is recommended to apply a patch to fix this issue.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 5.5,
                "exploitabilityScore": 1.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "cna@vuldb.com",
              "type": "Secondary",
              "version": "4.0",
              "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
              "metrics": {
                "baseScore": 4.8
              },
              "vendorMetadata": {}
            },
            {
              "source": "cna@vuldb.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "metrics": {
                "baseScore": 3.3,
                "exploitabilityScore": 1.9,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            },
            {
              "source": "cna@vuldb.com",
              "type": "Secondary",
              "version": "2.0",
              "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P",
              "metrics": {
                "baseScore": 1.7,
                "exploitabilityScore": 3.2,
                "impactScore": 2.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-1371",
              "epss": 0.00026,
              "percentile": 0.07737,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-1371",
              "cwe": "CWE-404",
              "source": "cna@vuldb.com",
              "type": "Secondary"
            },
            {
              "cve": "CVE-2025-1371",
              "cwe": "CWE-476",
              "source": "cna@vuldb.com",
              "type": "Secondary"
            },
            {
              "cve": "CVE-2025-1371",
              "cwe": "CWE-476",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "elfutils",
              "version": "0.194-2.el10_2"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-1371",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "18662923440e4b0c",
        "name": "elfutils-libs",
        "version": "0.194-2.el10_2",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "GPL-2.0-or-later OR LGPL-3.0-or-later"
        ],
        "cpes": [
          "cpe:2.3:a:elfutils-libs:elfutils-libs:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:elfutils-libs:elfutils_libs:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:elfutils_libs:elfutils-libs:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:elfutils_libs:elfutils_libs:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:elfutils:elfutils-libs:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:elfutils:elfutils_libs:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:elfutils-libs:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:elfutils_libs:0.194-2.el10_2:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/elfutils-libs@0.194-2.el10_2?arch=x86_64&distro=rhel-10.2&upstream=elfutils-0.194-2.el10_2.src.rpm",
        "upstreams": [
          {
            "name": "elfutils",
            "version": "0.194-2.el10_2"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-9150",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-9150",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in libsolv. This stack-based buffer overflow vulnerability occurs in libsolv's Debian metadata parser when processing specially crafted Debian repository metadata. An attacker could exploit this by providing malicious SHA384 or SHA512 checksum tags, leading to memory corruption and a denial of service (DoS) in the affected system.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 6.5,
              "exploitabilityScore": 2.9,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-9150",
            "epss": 0.00014,
            "percentile": 0.02611,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-9150",
            "cwe": "CWE-121",
            "source": "secalert@redhat.com",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.00805
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-9150",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-9150",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://access.redhat.com/security/cve/CVE-2026-9150",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2460379",
            "https://github.com/openSUSE/libsolv/pull/616"
          ],
          "description": "A flaw was found in libsolv. This stack-based buffer overflow vulnerability occurs in libsolv's Debian metadata parser when processing specially crafted Debian repository metadata. An attacker could exploit this by providing malicious SHA384 or SHA512 checksum tags, leading to memory corruption and a denial of service (DoS) in the affected system.",
          "cvss": [
            {
              "source": "secalert@redhat.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 6.5,
                "exploitabilityScore": 2.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-9150",
              "epss": 0.00014,
              "percentile": 0.02611,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-9150",
              "cwe": "CWE-121",
              "source": "secalert@redhat.com",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "libsolv",
              "version": "0:0.7.33-2.el10"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-9150",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "05573771473cf808",
        "name": "libsolv",
        "version": "0.7.33-2.el10",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "BSD-3-Clause"
        ],
        "cpes": [
          "cpe:2.3:a:libsolv:libsolv:0.7.33-2.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libsolv:0.7.33-2.el10:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/libsolv@0.7.33-2.el10?arch=x86_64&distro=rhel-10.2&upstream=libsolv-0.7.33-2.el10.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-1632",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior. This bug does not compromise the integrity or availability of the base system.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "metrics": {
              "baseScore": 3.3,
              "exploitabilityScore": 1.9,
              "impactScore": 1.5
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-1632",
            "epss": 0.00025,
            "percentile": 0.07337,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-1632",
            "cwe": "CWE-404",
            "source": "cna@vuldb.com",
            "type": "Secondary"
          },
          {
            "cve": "CVE-2025-1632",
            "cwe": "CWE-476",
            "source": "cna@vuldb.com",
            "type": "Secondary"
          },
          {
            "cve": "CVE-2025-1632",
            "cwe": "CWE-476",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.007874999999999998
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-1632",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc",
            "https://vuldb.com/?ctiid.296619",
            "https://vuldb.com/?id.296619",
            "https://vuldb.com/?submit.496460"
          ],
          "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 5.5,
                "exploitabilityScore": 1.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "cna@vuldb.com",
              "type": "Secondary",
              "version": "4.0",
              "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
              "metrics": {
                "baseScore": 4.8
              },
              "vendorMetadata": {}
            },
            {
              "source": "cna@vuldb.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "metrics": {
                "baseScore": 3.3,
                "exploitabilityScore": 1.9,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            },
            {
              "source": "cna@vuldb.com",
              "type": "Secondary",
              "version": "2.0",
              "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P",
              "metrics": {
                "baseScore": 1.7,
                "exploitabilityScore": 3.2,
                "impactScore": 2.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-1632",
              "epss": 0.00025,
              "percentile": 0.07337,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-1632",
              "cwe": "CWE-404",
              "source": "cna@vuldb.com",
              "type": "Secondary"
            },
            {
              "cve": "CVE-2025-1632",
              "cwe": "CWE-476",
              "source": "cna@vuldb.com",
              "type": "Secondary"
            },
            {
              "cve": "CVE-2025-1632",
              "cwe": "CWE-476",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "libarchive",
              "version": "0:3.7.7-8.el10_1"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-1632",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "1275a237f54746d8",
        "name": "libarchive",
        "version": "3.7.7-8.el10_1",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "BSD-2-Clause AND FSFULLR AND GPL-2.0-or-later WITH Libtool-exception AND BSD-3-Clause AND FSFUL"
        ],
        "cpes": [
          "cpe:2.3:a:libarchive:libarchive:3.7.7-8.el10_1:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libarchive:3.7.7-8.el10_1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/libarchive@3.7.7-8.el10_1?arch=x86_64&distro=rhel-10.2&upstream=libarchive-3.7.7-8.el10_1.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-4873",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-4873",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in curl. A remote attacker could exploit this by initiating an unencrypted connection (via IMAP, SMTP, or POP3) and then making a subsequent request to the same host that requires Transport Layer Security (TLS). Due to incorrect connection reuse, the subsequent request would bypass the TLS requirement, leading to the transmission of sensitive information in cleartext. This vulnerability, categorized as Cleartext Transmission of Sensitive Information (CWE-319), results in information disclosure.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "metrics": {
              "baseScore": 5.3,
              "exploitabilityScore": 1.7,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-4873",
            "epss": 0.00015,
            "percentile": 0.031,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-4873",
            "cwe": "CWE-295",
            "source": "nvd@nist.gov",
            "type": "Primary"
          },
          {
            "cve": "CVE-2026-4873",
            "cwe": "CWE-319",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.007724999999999999
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-4873",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4873",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://curl.se/docs/CVE-2026-4873.html",
            "https://curl.se/docs/CVE-2026-4873.json",
            "https://hackerone.com/reports/3621851",
            "http://www.openwall.com/lists/oss-security/2026/04/29/7"
          ],
          "description": "A vulnerability exists where a connection requiring TLS incorrectly reuses an\nexisting unencrypted connection from the same connection pool. If an initial\ntransfer is made in clear-text (via IMAP, SMTP, or POP3), a subsequent request\nto that same host bypasses the TLS requirement and instead transmits data\nunencrypted.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "metrics": {
                "baseScore": 5.9,
                "exploitabilityScore": 2.3,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-4873",
              "epss": 0.00015,
              "percentile": 0.031,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-4873",
              "cwe": "CWE-295",
              "source": "nvd@nist.gov",
              "type": "Primary"
            },
            {
              "cve": "CVE-2026-4873",
              "cwe": "CWE-319",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "curl",
              "version": "0:8.12.1-4.el10"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-4873",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "134f672de8a7541b",
        "name": "curl",
        "version": "8.12.1-4.el10",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "curl"
        ],
        "cpes": [
          "cpe:2.3:a:redhat:curl:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:curl:curl:8.12.1-4.el10:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/curl@8.12.1-4.el10?arch=x86_64&distro=rhel-10.2&upstream=curl-8.12.1-4.el10.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-4873",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-4873",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in curl. A remote attacker could exploit this by initiating an unencrypted connection (via IMAP, SMTP, or POP3) and then making a subsequent request to the same host that requires Transport Layer Security (TLS). Due to incorrect connection reuse, the subsequent request would bypass the TLS requirement, leading to the transmission of sensitive information in cleartext. This vulnerability, categorized as Cleartext Transmission of Sensitive Information (CWE-319), results in information disclosure.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "metrics": {
              "baseScore": 5.3,
              "exploitabilityScore": 1.7,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-4873",
            "epss": 0.00015,
            "percentile": 0.031,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-4873",
            "cwe": "CWE-295",
            "source": "nvd@nist.gov",
            "type": "Primary"
          },
          {
            "cve": "CVE-2026-4873",
            "cwe": "CWE-319",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.007724999999999999
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-4873",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4873",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://curl.se/docs/CVE-2026-4873.html",
            "https://curl.se/docs/CVE-2026-4873.json",
            "https://hackerone.com/reports/3621851",
            "http://www.openwall.com/lists/oss-security/2026/04/29/7"
          ],
          "description": "A vulnerability exists where a connection requiring TLS incorrectly reuses an\nexisting unencrypted connection from the same connection pool. If an initial\ntransfer is made in clear-text (via IMAP, SMTP, or POP3), a subsequent request\nto that same host bypasses the TLS requirement and instead transmit data\nunencrypted.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "metrics": {
                "baseScore": 5.9,
                "exploitabilityScore": 2.3,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-4873",
              "epss": 0.00015,
              "percentile": 0.031,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-4873",
              "cwe": "CWE-295",
              "source": "nvd@nist.gov",
              "type": "Primary"
            },
            {
              "cve": "CVE-2026-4873",
              "cwe": "CWE-319",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "curl",
              "version": "8.12.1-4.el10"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-4873",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "e0443590b9f5633b",
        "name": "libcurl-minimal",
        "version": "8.12.1-4.el10",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "curl"
        ],
        "cpes": [
          "cpe:2.3:a:libcurl-minimal:libcurl-minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl-minimal:libcurl_minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl_minimal:libcurl-minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl_minimal:libcurl_minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl:libcurl-minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl:libcurl_minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libcurl-minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libcurl_minimal:8.12.1-4.el10:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/libcurl-minimal@8.12.1-4.el10?arch=x86_64&distro=rhel-10.2&upstream=curl-8.12.1-4.el10.src.rpm",
        "upstreams": [
          {
            "name": "curl",
            "version": "8.12.1-4.el10"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-50219",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-50219",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in libexpat. This vulnerability occurs because the library, in versions before 2.8.2, does not properly track handler call depth when certain XML parsing functions are invoked from within handlers during a policy violation. This oversight can lead to a use-after-free condition, which may result in information disclosure, integrity loss, or denial of service.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "metrics": {
              "baseScore": 4.9,
              "exploitabilityScore": 1.5,
              "impactScore": 3.4
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-50219",
            "epss": 0.00015,
            "percentile": 0.03498,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-50219",
            "cwe": "CWE-416",
            "source": "cve@mitre.org",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.007424999999999999
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-50219",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-50219",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://github.com/libexpat/libexpat/pull/1246"
          ],
          "description": "libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_GetBuffer, XML_Parse, XML_ParseBuffer, XML_ParserFree, or XML_ParserReset from within handlers in cases of a policy violation. Thus, a use-after-free can occur,",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
              "metrics": {
                "baseScore": 5.9,
                "exploitabilityScore": 2.6,
                "impactScore": 3.4
              },
              "vendorMetadata": {}
            },
            {
              "source": "cve@mitre.org",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
              "metrics": {
                "baseScore": 4.9,
                "exploitabilityScore": 1.5,
                "impactScore": 3.4
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-50219",
              "epss": 0.00015,
              "percentile": 0.03498,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-50219",
              "cwe": "CWE-416",
              "source": "cve@mitre.org",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "expat",
              "version": "0:2.7.3-1.el10_2.1"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-50219",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "777f6467c40e3cda",
        "name": "expat",
        "version": "2.7.3-1.el10_2.1",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "MIT"
        ],
        "cpes": [
          "cpe:2.3:a:redhat:expat:2.7.3-1.el10_2.1:*:*:*:*:*:*:*",
          "cpe:2.3:a:expat:expat:2.7.3-1.el10_2.1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/expat@2.7.3-1.el10_2.1?arch=x86_64&distro=rhel-10.2&upstream=expat-2.7.3-1.el10_2.1.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-4105",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-4105",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "metrics": {
              "baseScore": 6.7,
              "exploitabilityScore": 0.8,
              "impactScore": 5.9
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-4105",
            "epss": 0.0001,
            "percentile": 0.01238,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-4105",
            "cwe": "CWE-284",
            "source": "secalert@redhat.com",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.00585
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-4105",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4105",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://access.redhat.com/errata/RHSA-2026:7299",
            "https://access.redhat.com/security/cve/CVE-2026-4105",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2447262",
            "https://github.com/systemd/systemd/security/advisories/GHSA-4h6x-r8vx-3862"
          ],
          "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.",
          "cvss": [
            {
              "source": "secalert@redhat.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
              "metrics": {
                "baseScore": 6.7,
                "exploitabilityScore": 0.8,
                "impactScore": 5.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-4105",
              "epss": 0.0001,
              "percentile": 0.01238,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-4105",
              "cwe": "CWE-284",
              "source": "secalert@redhat.com",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "systemd",
              "version": "0:257-23.el10_2.2"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-4105",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "164de0912c588c0c",
        "name": "systemd",
        "version": "257-23.el10_2.2",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "LGPL-2.1-or-later AND MIT AND GPL-2.0-or-later"
        ],
        "cpes": [
          "cpe:2.3:a:systemd:systemd:257-23.el10_2.2:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:systemd:257-23.el10_2.2:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/systemd@257-23.el10_2.2?arch=x86_64&distro=rhel-10.2&upstream=systemd-257-23.el10_2.2.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-4105",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-4105",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "metrics": {
              "baseScore": 6.7,
              "exploitabilityScore": 0.8,
              "impactScore": 5.9
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-4105",
            "epss": 0.0001,
            "percentile": 0.01238,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-4105",
            "cwe": "CWE-284",
            "source": "secalert@redhat.com",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.00585
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-4105",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4105",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://access.redhat.com/errata/RHSA-2026:7299",
            "https://access.redhat.com/security/cve/CVE-2026-4105",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2447262",
            "https://github.com/systemd/systemd/security/advisories/GHSA-4h6x-r8vx-3862"
          ],
          "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.",
          "cvss": [
            {
              "source": "secalert@redhat.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
              "metrics": {
                "baseScore": 6.7,
                "exploitabilityScore": 0.8,
                "impactScore": 5.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-4105",
              "epss": 0.0001,
              "percentile": 0.01238,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-4105",
              "cwe": "CWE-284",
              "source": "secalert@redhat.com",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "systemd",
              "version": "257-23.el10_2.2"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-4105",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "4a07380aa7e9f76f",
        "name": "systemd-libs",
        "version": "257-23.el10_2.2",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "LGPL-2.1-or-later AND MIT"
        ],
        "cpes": [
          "cpe:2.3:a:systemd-libs:systemd-libs:257-23.el10_2.2:*:*:*:*:*:*:*",
          "cpe:2.3:a:systemd-libs:systemd_libs:257-23.el10_2.2:*:*:*:*:*:*:*",
          "cpe:2.3:a:systemd_libs:systemd-libs:257-23.el10_2.2:*:*:*:*:*:*:*",
          "cpe:2.3:a:systemd_libs:systemd_libs:257-23.el10_2.2:*:*:*:*:*:*:*",
          "cpe:2.3:a:systemd:systemd-libs:257-23.el10_2.2:*:*:*:*:*:*:*",
          "cpe:2.3:a:systemd:systemd_libs:257-23.el10_2.2:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:systemd-libs:257-23.el10_2.2:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:systemd_libs:257-23.el10_2.2:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/systemd-libs@257-23.el10_2.2?arch=x86_64&distro=rhel-10.2&upstream=systemd-257-23.el10_2.2.src.rpm",
        "upstreams": [
          {
            "name": "systemd",
            "version": "257-23.el10_2.2"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-4105",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-4105",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "metrics": {
              "baseScore": 6.7,
              "exploitabilityScore": 0.8,
              "impactScore": 5.9
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-4105",
            "epss": 0.0001,
            "percentile": 0.01238,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-4105",
            "cwe": "CWE-284",
            "source": "secalert@redhat.com",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.00585
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-4105",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4105",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://access.redhat.com/errata/RHSA-2026:7299",
            "https://access.redhat.com/security/cve/CVE-2026-4105",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2447262",
            "https://github.com/systemd/systemd/security/advisories/GHSA-4h6x-r8vx-3862"
          ],
          "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.",
          "cvss": [
            {
              "source": "secalert@redhat.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
              "metrics": {
                "baseScore": 6.7,
                "exploitabilityScore": 0.8,
                "impactScore": 5.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-4105",
              "epss": 0.0001,
              "percentile": 0.01238,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-4105",
              "cwe": "CWE-284",
              "source": "secalert@redhat.com",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "systemd",
              "version": "257-23.el10_2.2"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-4105",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "ae9471c59193da18",
        "name": "systemd-pam",
        "version": "257-23.el10_2.2",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "LGPL-2.1-or-later AND MIT AND GPL-2.0-or-later"
        ],
        "cpes": [
          "cpe:2.3:a:systemd-pam:systemd-pam:257-23.el10_2.2:*:*:*:*:*:*:*",
          "cpe:2.3:a:systemd-pam:systemd_pam:257-23.el10_2.2:*:*:*:*:*:*:*",
          "cpe:2.3:a:systemd_pam:systemd-pam:257-23.el10_2.2:*:*:*:*:*:*:*",
          "cpe:2.3:a:systemd_pam:systemd_pam:257-23.el10_2.2:*:*:*:*:*:*:*",
          "cpe:2.3:a:systemd:systemd-pam:257-23.el10_2.2:*:*:*:*:*:*:*",
          "cpe:2.3:a:systemd:systemd_pam:257-23.el10_2.2:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:systemd-pam:257-23.el10_2.2:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:systemd_pam:257-23.el10_2.2:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/systemd-pam@257-23.el10_2.2?arch=x86_64&distro=rhel-10.2&upstream=systemd-257-23.el10_2.2.src.rpm",
        "upstreams": [
          {
            "name": "systemd",
            "version": "257-23.el10_2.2"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-1757",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1757",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 6.2,
              "exploitabilityScore": 2.6,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-1757",
            "epss": 0.0001,
            "percentile": 0.01317,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-1757",
            "cwe": "CWE-401",
            "source": "secalert@redhat.com",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.005600000000000001
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-1757",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1757",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://access.redhat.com/errata/RHSA-2026:7519",
            "https://access.redhat.com/security/cve/CVE-2026-1757",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2435940",
            "https://gitlab.gnome.org/GNOME/libxml2/-/issues/1009"
          ],
          "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.",
          "cvss": [
            {
              "source": "secalert@redhat.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 6.2,
                "exploitabilityScore": 2.6,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-1757",
              "epss": 0.0001,
              "percentile": 0.01317,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-1757",
              "cwe": "CWE-401",
              "source": "secalert@redhat.com",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "libxml2",
              "version": "0:2.12.5-10.el10"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-1757",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "fd8a4e4169e6e582",
        "name": "libxml2",
        "version": "2.12.5-10.el10",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "MIT AND ISC-Veillard AND W3C"
        ],
        "cpes": [
          "cpe:2.3:a:libxml2:libxml2:2.12.5-10.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libxml2:2.12.5-10.el10:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/libxml2@2.12.5-10.el10?arch=x86_64&distro=rhel-10.2&upstream=libxml2-2.12.5-10.el10.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-6276",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-6276",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was found in libcurl. This vulnerability allows for information disclosure when a custom `Host:` header is used in an initial HTTP request, and a subsequent request reuses the same connection without specifying a new `Host:` header. This can lead to libcurl incorrectly sending cookies intended for the first host to the second host, resulting in a cookie leak. This issue is categorized as an Origin Validation Error (CWE-346). Exploitation typically requires specific debugging configurations.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "metrics": {
              "baseScore": 3.7,
              "exploitabilityScore": 2.3,
              "impactScore": 1.5
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-6276",
            "epss": 0.00014,
            "percentile": 0.02607,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-6276",
            "cwe": "CWE-319",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.004689999999999999
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-6276",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-6276",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://curl.se/docs/CVE-2026-6276.html",
            "https://curl.se/docs/CVE-2026-6276.json",
            "https://hackerone.com/reports/3671818",
            "http://www.openwall.com/lists/oss-security/2026/04/29/13"
          ],
          "description": "Using libcurl, when a custom `Host:` header is first set for an HTTP request\nand a second request is subsequently done using the same *easy handle* but\nwithout the custom `Host:` header set, the second request would use stale\ninformation and pass on cookies meant for the first host in the second\nrequest. Leak them.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-6276",
              "epss": 0.00014,
              "percentile": 0.02607,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-6276",
              "cwe": "CWE-319",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "curl",
              "version": "0:8.12.1-4.el10"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-6276",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "134f672de8a7541b",
        "name": "curl",
        "version": "8.12.1-4.el10",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "curl"
        ],
        "cpes": [
          "cpe:2.3:a:redhat:curl:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:curl:curl:8.12.1-4.el10:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/curl@8.12.1-4.el10?arch=x86_64&distro=rhel-10.2&upstream=curl-8.12.1-4.el10.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-6276",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-6276",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was found in libcurl. This vulnerability allows for information disclosure when a custom `Host:` header is used in an initial HTTP request, and a subsequent request reuses the same connection without specifying a new `Host:` header. This can lead to libcurl incorrectly sending cookies intended for the first host to the second host, resulting in a cookie leak. This issue is categorized as an Origin Validation Error (CWE-346). Exploitation typically requires specific debugging configurations.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "metrics": {
              "baseScore": 3.7,
              "exploitabilityScore": 2.3,
              "impactScore": 1.5
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-6276",
            "epss": 0.00014,
            "percentile": 0.02607,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-6276",
            "cwe": "CWE-319",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.004689999999999999
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-6276",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-6276",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://curl.se/docs/CVE-2026-6276.html",
            "https://curl.se/docs/CVE-2026-6276.json",
            "https://hackerone.com/reports/3671818",
            "http://www.openwall.com/lists/oss-security/2026/04/29/13"
          ],
          "description": "Using libcurl, when a custom `Host:` header is first set for an HTTP request\nand a second request is subsequently done using the same *easy handle* but\nwithout the custom `Host:` header set, the second request would use stale\ninformation and pass on cookies meant for the first host in the second\nrequest. Leak them.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-6276",
              "epss": 0.00014,
              "percentile": 0.02607,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-6276",
              "cwe": "CWE-319",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "curl",
              "version": "8.12.1-4.el10"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-6276",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "e0443590b9f5633b",
        "name": "libcurl-minimal",
        "version": "8.12.1-4.el10",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "curl"
        ],
        "cpes": [
          "cpe:2.3:a:libcurl-minimal:libcurl-minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl-minimal:libcurl_minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl_minimal:libcurl-minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl_minimal:libcurl_minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl:libcurl-minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl:libcurl_minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libcurl-minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libcurl_minimal:8.12.1-4.el10:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/libcurl-minimal@8.12.1-4.el10?arch=x86_64&distro=rhel-10.2&upstream=curl-8.12.1-4.el10.src.rpm",
        "upstreams": [
          {
            "name": "curl",
            "version": "8.12.1-4.el10"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-41080",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-41080",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was found in libexpat. A remote attacker could exploit this vulnerability by providing a specially crafted XML document that leverages insufficient entropy in the hash function. This can lead to hash flooding, a type of Denial of Service (DoS) attack, where the system becomes unresponsive or crashes due to excessive resource consumption.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "metrics": {
              "baseScore": 3.7,
              "exploitabilityScore": 2.3,
              "impactScore": 1.5
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-41080",
            "epss": 0.00013,
            "percentile": 0.02189,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-41080",
            "cwe": "CWE-331",
            "source": "cve@mitre.org",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.0043549999999999995
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-41080",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-41080",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://blog.hartwork.org/posts/expat-2-8-0-released/",
            "https://github.com/libexpat/libexpat/issues/47",
            "https://github.com/libexpat/libexpat/pull/1183",
            "https://www.openwall.com/lists/oss-security/2026/04/26/1",
            "http://www.openwall.com/lists/oss-security/2026/04/26/1"
          ],
          "description": "libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "cve@mitre.org",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "metrics": {
                "baseScore": 2.9,
                "exploitabilityScore": 1.5,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-41080",
              "epss": 0.00013,
              "percentile": 0.02189,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-41080",
              "cwe": "CWE-331",
              "source": "cve@mitre.org",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "expat",
              "version": "0:2.7.3-1.el10_2.1"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-41080",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "777f6467c40e3cda",
        "name": "expat",
        "version": "2.7.3-1.el10_2.1",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "MIT"
        ],
        "cpes": [
          "cpe:2.3:a:redhat:expat:2.7.3-1.el10_2.1:*:*:*:*:*:*:*",
          "cpe:2.3:a:expat:expat:2.7.3-1.el10_2.1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/expat@2.7.3-1.el10_2.1?arch=x86_64&distro=rhel-10.2&upstream=expat-2.7.3-1.el10_2.1.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-13034",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13034",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in curl. When configured to use public key pinning with QUIC connections and GnuTLS, and with standard certificate verification explicitly disabled, curl could bypass the intended public key check. This oversight allows a malicious server to impersonate a legitimate one, potentially leading to unauthorized access or information disclosure due to a failure in verifying the server's identity.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "metrics": {
              "baseScore": 6.8,
              "exploitabilityScore": 1.7,
              "impactScore": 5.2
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-13034",
            "epss": 0.00007,
            "percentile": 0.00617,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-13034",
            "cwe": "CWE-295",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.004129999999999999
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-13034",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13034",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://curl.se/docs/CVE-2025-13034.html",
            "https://curl.se/docs/CVE-2025-13034.json"
          ],
          "description": "When using `CURLOPT_PINNEDPUBLICKEY` option with libcurl or `--pinnedpubkey`\nwith the curl tool,curl should check the public key of the server certificate\nto verify the peer.\n\nThis check was skipped in a certain condition that would then make curl allow\nthe connection without performing the proper check, thus not noticing a\npossible impostor. To skip this check, the connection had to be done with QUIC\nwith ngtcp2 built to use GnuTLS and the user had to explicitly disable the\nstandard certificate verification.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
              "metrics": {
                "baseScore": 5.9,
                "exploitabilityScore": 2.3,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-13034",
              "epss": 0.00007,
              "percentile": 0.00617,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-13034",
              "cwe": "CWE-295",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "curl",
              "version": "0:8.12.1-4.el10"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-13034",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "134f672de8a7541b",
        "name": "curl",
        "version": "8.12.1-4.el10",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "curl"
        ],
        "cpes": [
          "cpe:2.3:a:redhat:curl:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:curl:curl:8.12.1-4.el10:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/curl@8.12.1-4.el10?arch=x86_64&distro=rhel-10.2&upstream=curl-8.12.1-4.el10.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-13034",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13034",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in curl. When configured to use public key pinning with QUIC connections and GnuTLS, and with standard certificate verification explicitly disabled, curl could bypass the intended public key check. This oversight allows a malicious server to impersonate a legitimate one, potentially leading to unauthorized access or information disclosure due to a failure in verifying the server's identity.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "metrics": {
              "baseScore": 6.8,
              "exploitabilityScore": 1.7,
              "impactScore": 5.2
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-13034",
            "epss": 0.00007,
            "percentile": 0.00617,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-13034",
            "cwe": "CWE-295",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.004129999999999999
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-13034",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13034",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://curl.se/docs/CVE-2025-13034.html",
            "https://curl.se/docs/CVE-2025-13034.json"
          ],
          "description": "When using `CURLOPT_PINNEDPUBLICKEY` option with libcurl or `--pinnedpubkey`\nwith the curl tool,curl should check the public key of the server certificate\nto verify the peer.\n\nThis check was skipped in a certain condition that would then make curl allow\nthe connection without performing the proper check, thus not noticing a\npossible impostor. To skip this check, the connection had to be done with QUIC\nwith ngtcp2 built to use GnuTLS and the user had to explicitly disable the\nstandard certificate verification.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
              "metrics": {
                "baseScore": 5.9,
                "exploitabilityScore": 2.3,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-13034",
              "epss": 0.00007,
              "percentile": 0.00617,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-13034",
              "cwe": "CWE-295",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "curl",
              "version": "8.12.1-4.el10"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-13034",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "e0443590b9f5633b",
        "name": "libcurl-minimal",
        "version": "8.12.1-4.el10",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "curl"
        ],
        "cpes": [
          "cpe:2.3:a:libcurl-minimal:libcurl-minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl-minimal:libcurl_minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl_minimal:libcurl-minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl_minimal:libcurl_minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl:libcurl-minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl:libcurl_minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libcurl-minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libcurl_minimal:8.12.1-4.el10:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/libcurl-minimal@8.12.1-4.el10?arch=x86_64&distro=rhel-10.2&upstream=curl-8.12.1-4.el10.src.rpm",
        "upstreams": [
          {
            "name": "curl",
            "version": "8.12.1-4.el10"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-0992",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated <nextCatalog> elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "metrics": {
              "baseScore": 2.9,
              "exploitabilityScore": 1.5,
              "impactScore": 1.5
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-0992",
            "epss": 0.00013,
            "percentile": 0.0213,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-0992",
            "cwe": "CWE-400",
            "source": "secalert@redhat.com",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.003835
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-0992",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992",
          "namespace": "nvd:cpe",
          "severity": "Low",
          "urls": [
            "https://access.redhat.com/errata/RHSA-2026:7519",
            "https://access.redhat.com/security/cve/CVE-2026-0992",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2429975",
            "https://gitlab.gnome.org/GNOME/libxml2/-/issues/1019"
          ],
          "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated <nextCatalog> elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.",
          "cvss": [
            {
              "source": "secalert@redhat.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "metrics": {
                "baseScore": 2.9,
                "exploitabilityScore": 1.5,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-0992",
              "epss": 0.00013,
              "percentile": 0.0213,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-0992",
              "cwe": "CWE-400",
              "source": "secalert@redhat.com",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "libxml2",
              "version": "0:2.12.5-10.el10"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-0992",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "fd8a4e4169e6e582",
        "name": "libxml2",
        "version": "2.12.5-10.el10",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "MIT AND ISC-Veillard AND W3C"
        ],
        "cpes": [
          "cpe:2.3:a:libxml2:libxml2:2.12.5-10.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libxml2:2.12.5-10.el10:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/libxml2@2.12.5-10.el10?arch=x86_64&distro=rhel-10.2&upstream=libxml2-2.12.5-10.el10.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-1485",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1485",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
            "metrics": {
              "baseScore": 2.8,
              "exploitabilityScore": 1.4,
              "impactScore": 1.5
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-1485",
            "epss": 0.00013,
            "percentile": 0.02063,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-1485",
            "cwe": "CWE-124",
            "source": "secalert@redhat.com",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.0037699999999999995
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-1485",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1485",
          "namespace": "nvd:cpe",
          "severity": "Low",
          "urls": [
            "https://access.redhat.com/security/cve/CVE-2026-1485",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2433325",
            "https://gitlab.gnome.org/GNOME/glib/-/issues/3871"
          ],
          "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.",
          "cvss": [
            {
              "source": "secalert@redhat.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
              "metrics": {
                "baseScore": 2.8,
                "exploitabilityScore": 1.4,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-1485",
              "epss": 0.00013,
              "percentile": 0.02063,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-1485",
              "cwe": "CWE-124",
              "source": "secalert@redhat.com",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "glib2",
              "version": "0:2.80.4-12.el10_2.13"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-1485",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "37bb1f6df7e16bb3",
        "name": "glib2",
        "version": "2.80.4-12.el10_2.13",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "LGPL-2.1-or-later"
        ],
        "cpes": [
          "cpe:2.3:a:redhat:glib2:2.80.4-12.el10_2.13:*:*:*:*:*:*:*",
          "cpe:2.3:a:glib2:glib2:2.80.4-12.el10_2.13:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/glib2@2.80.4-12.el10_2.13?arch=x86_64&distro=rhel-10.2&upstream=glib2-2.80.4-12.el10_2.13.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-31789",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-31789",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was found in OpenSSL. This vulnerability, a heap buffer overflow, affects 32-bit systems when processing an unusually large X.509 certificate. If an application or service attempts to print or log such a specially crafted certificate, it could lead to a system crash or potentially allow an attacker to execute arbitrary code. This issue is considered low severity due to the specific conditions required for exploitation, including the need for an extremely large certificate and a 32-bit operating environment.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H",
            "metrics": {
              "baseScore": 5.8,
              "exploitabilityScore": 1.1,
              "impactScore": 4.8
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-31789",
            "epss": 0.00008,
            "percentile": 0.00864,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-31789",
            "cwe": "CWE-787",
            "source": "openssl-security@openssl.org",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.00352
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-31789",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-31789",
          "namespace": "nvd:cpe",
          "severity": "Critical",
          "urls": [
            "https://github.com/openssl/openssl/commit/364f095b80601db632b0def6a33316967f863bde",
            "https://github.com/openssl/openssl/commit/7a9087efd769f362ad9c0e30c7baaa6bbfa65ecf",
            "https://github.com/openssl/openssl/commit/945b935ac66cc7f1a41f1b849c7c25adb5351f49",
            "https://github.com/openssl/openssl/commit/a24216018e1ede8ff01a4ff5afff7dfbd443e2f9",
            "https://github.com/openssl/openssl/commit/a91e537d16d74050dbde50bb0dfb1fe9930f0521",
            "https://openssl-library.org/news/secadv/20260407.txt",
            "https://cert-portal.siemens.com/productcert/html/ssa-032379.html"
          ],
          "description": "Issue summary: Converting an excessively large OCTET STRING value to\na hexadecimal string leads to a heap buffer overflow on 32 bit platforms.\n\nImpact summary: A heap buffer overflow may lead to a crash or possibly\nan attacker controlled code execution or other undefined behavior.\n\nIf an attacker can supply a crafted X.509 certificate with an excessively\nlarge OCTET STRING value in extensions such as the Subject Key Identifier\n(SKID) or Authority Key Identifier (AKID) which are being converted to hex,\nthe size of the buffer needed for the result is calculated as multiplication\nof the input length by 3. On 32 bit platforms, this multiplication may overflow\nresulting in the allocation of a smaller buffer and a heap buffer overflow.\n\nApplications and services that print or log contents of untrusted X.509\ncertificates are vulnerable to this issue. As the certificates would have\nto have sizes of over 1 Gigabyte, printing or logging such certificates\nis a fairly unlikely operation and only 32 bit platforms are affected,\nthis issue was assigned Low severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "metrics": {
                "baseScore": 9.8,
                "exploitabilityScore": 3.9,
                "impactScore": 5.9
              },
              "vendorMetadata": {}
            },
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H",
              "metrics": {
                "baseScore": 5.8,
                "exploitabilityScore": 1.1,
                "impactScore": 4.8
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-31789",
              "epss": 0.00008,
              "percentile": 0.00864,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-31789",
              "cwe": "CWE-787",
              "source": "openssl-security@openssl.org",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "openssl",
              "version": "1:3.5.5-4.el10_2"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-31789",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "f614b5caa1deba16",
        "name": "openssl",
        "version": "1:3.5.5-4.el10_2",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "Apache-2.0"
        ],
        "cpes": [
          "cpe:2.3:a:openssl:openssl:1\\:3.5.5-4.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:openssl:1\\:3.5.5-4.el10_2:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/openssl@3.5.5-4.el10_2?arch=x86_64&distro=rhel-10.2&epoch=1&upstream=openssl-3.5.5-4.el10_2.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": 1,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-31789",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-31789",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was found in OpenSSL. This vulnerability, a heap buffer overflow, affects 32-bit systems when processing an unusually large X.509 certificate. If an application or service attempts to print or log such a specially crafted certificate, it could lead to a system crash or potentially allow an attacker to execute arbitrary code. This issue is considered low severity due to the specific conditions required for exploitation, including the need for an extremely large certificate and a 32-bit operating environment.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H",
            "metrics": {
              "baseScore": 5.8,
              "exploitabilityScore": 1.1,
              "impactScore": 4.8
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-31789",
            "epss": 0.00008,
            "percentile": 0.00864,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-31789",
            "cwe": "CWE-787",
            "source": "openssl-security@openssl.org",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.00352
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-31789",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-31789",
          "namespace": "nvd:cpe",
          "severity": "Critical",
          "urls": [
            "https://github.com/openssl/openssl/commit/364f095b80601db632b0def6a33316967f863bde",
            "https://github.com/openssl/openssl/commit/7a9087efd769f362ad9c0e30c7baaa6bbfa65ecf",
            "https://github.com/openssl/openssl/commit/945b935ac66cc7f1a41f1b849c7c25adb5351f49",
            "https://github.com/openssl/openssl/commit/a24216018e1ede8ff01a4ff5afff7dfbd443e2f9",
            "https://github.com/openssl/openssl/commit/a91e537d16d74050dbde50bb0dfb1fe9930f0521",
            "https://openssl-library.org/news/secadv/20260407.txt",
            "https://cert-portal.siemens.com/productcert/html/ssa-032379.html"
          ],
          "description": "Issue summary: Converting an excessively large OCTET STRING value to\na hexadecimal string leads to a heap buffer overflow on 32 bit platforms.\n\nImpact summary: A heap buffer overflow may lead to a crash or possibly\nan attacker controlled code execution or other undefined behavior.\n\nIf an attacker can supply a crafted X.509 certificate with an excessively\nlarge OCTET STRING value in extensions such as the Subject Key Identifier\n(SKID) or Authority Key Identifier (AKID) which are being converted to hex,\nthe size of the buffer needed for the result is calculated as multiplication\nof the input length by 3. On 32 bit platforms, this multiplication may overflow\nresulting in the allocation of a smaller buffer and a heap buffer overflow.\n\nApplications and services that print or log contents of untrusted X.509\ncertificates are vulnerable to this issue. As the certificates would have\nto have sizes of over 1 Gigabyte, printing or logging such certificates\nis a fairly unlikely operation and only 32 bit platforms are affected,\nthis issue was assigned Low severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "metrics": {
                "baseScore": 9.8,
                "exploitabilityScore": 3.9,
                "impactScore": 5.9
              },
              "vendorMetadata": {}
            },
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H",
              "metrics": {
                "baseScore": 5.8,
                "exploitabilityScore": 1.1,
                "impactScore": 4.8
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-31789",
              "epss": 0.00008,
              "percentile": 0.00864,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-31789",
              "cwe": "CWE-787",
              "source": "openssl-security@openssl.org",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "openssl",
              "version": "3.5.5-4.el10_2"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-31789",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "a04fa80016994e00",
        "name": "openssl-libs",
        "version": "1:3.5.5-4.el10_2",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "Apache-2.0"
        ],
        "cpes": [
          "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.5-4.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.5-4.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.5-4.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.5-4.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.5-4.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.5-4.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.5-4.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.5-4.el10_2:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/openssl-libs@3.5.5-4.el10_2?arch=x86_64&distro=rhel-10.2&epoch=1&upstream=openssl-3.5.5-4.el10_2.src.rpm",
        "upstreams": [
          {
            "name": "openssl",
            "version": "3.5.5-4.el10_2"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": 1,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-1377",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1377",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was found in GNU elfutils. This vulnerability allows denial of service via manipulation of the gelf_getsymshndx function in strip.c.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "metrics": {
              "baseScore": 3.3,
              "exploitabilityScore": 1.9,
              "impactScore": 1.5
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-1377",
            "epss": 0.00011,
            "percentile": 0.01444,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-1377",
            "cwe": "CWE-404",
            "source": "cna@vuldb.com",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.0034649999999999993
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-1377",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1377",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://sourceware.org/bugzilla/attachment.cgi?id=15941",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=32673",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=32673#c2",
            "https://vuldb.com/?ctiid.295985",
            "https://vuldb.com/?id.295985",
            "https://vuldb.com/?submit.497539",
            "https://www.gnu.org/"
          ],
          "description": "A vulnerability, which was classified as problematic, has been found in GNU elfutils 0.192. This issue affects the function gelf_getsymshndx of the file strip.c of the component eu-strip. The manipulation leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is fbf1df9ca286de3323ae541973b08449f8d03aba. It is recommended to apply a patch to fix this issue.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 5.5,
                "exploitabilityScore": 1.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "cna@vuldb.com",
              "type": "Secondary",
              "version": "4.0",
              "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
              "metrics": {
                "baseScore": 4.8
              },
              "vendorMetadata": {}
            },
            {
              "source": "cna@vuldb.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "metrics": {
                "baseScore": 3.3,
                "exploitabilityScore": 1.9,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            },
            {
              "source": "cna@vuldb.com",
              "type": "Secondary",
              "version": "2.0",
              "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P",
              "metrics": {
                "baseScore": 1.7,
                "exploitabilityScore": 3.2,
                "impactScore": 2.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-1377",
              "epss": 0.00011,
              "percentile": 0.01444,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-1377",
              "cwe": "CWE-404",
              "source": "cna@vuldb.com",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "elfutils",
              "version": "0.194-2.el10_2"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-1377",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "039e6208aa0e25c7",
        "name": "elfutils-debuginfod-client",
        "version": "0.194-2.el10_2",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "GPL-3.0-or-later AND (GPL-2.0-or-later OR LGPL-3.0-or-later)"
        ],
        "cpes": [
          "cpe:2.3:a:elfutils-debuginfod-client:elfutils-debuginfod-client:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:elfutils-debuginfod-client:elfutils_debuginfod_client:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:elfutils_debuginfod_client:elfutils-debuginfod-client:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:elfutils_debuginfod_client:elfutils_debuginfod_client:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:elfutils-debuginfod:elfutils-debuginfod-client:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:elfutils-debuginfod:elfutils_debuginfod_client:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:elfutils_debuginfod:elfutils-debuginfod-client:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:elfutils_debuginfod:elfutils_debuginfod_client:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:elfutils:elfutils-debuginfod-client:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:elfutils:elfutils_debuginfod_client:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:elfutils-debuginfod-client:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:elfutils_debuginfod_client:0.194-2.el10_2:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/elfutils-debuginfod-client@0.194-2.el10_2?arch=x86_64&distro=rhel-10.2&upstream=elfutils-0.194-2.el10_2.src.rpm",
        "upstreams": [
          {
            "name": "elfutils",
            "version": "0.194-2.el10_2"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-1377",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1377",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was found in GNU elfutils. This vulnerability allows denial of service via manipulation of the gelf_getsymshndx function in strip.c.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "metrics": {
              "baseScore": 3.3,
              "exploitabilityScore": 1.9,
              "impactScore": 1.5
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-1377",
            "epss": 0.00011,
            "percentile": 0.01444,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-1377",
            "cwe": "CWE-404",
            "source": "cna@vuldb.com",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.0034649999999999993
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-1377",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1377",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://sourceware.org/bugzilla/attachment.cgi?id=15941",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=32673",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=32673#c2",
            "https://vuldb.com/?ctiid.295985",
            "https://vuldb.com/?id.295985",
            "https://vuldb.com/?submit.497539",
            "https://www.gnu.org/"
          ],
          "description": "A vulnerability, which was classified as problematic, has been found in GNU elfutils 0.192. This issue affects the function gelf_getsymshndx of the file strip.c of the component eu-strip. The manipulation leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is fbf1df9ca286de3323ae541973b08449f8d03aba. It is recommended to apply a patch to fix this issue.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 5.5,
                "exploitabilityScore": 1.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "cna@vuldb.com",
              "type": "Secondary",
              "version": "4.0",
              "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
              "metrics": {
                "baseScore": 4.8
              },
              "vendorMetadata": {}
            },
            {
              "source": "cna@vuldb.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "metrics": {
                "baseScore": 3.3,
                "exploitabilityScore": 1.9,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            },
            {
              "source": "cna@vuldb.com",
              "type": "Secondary",
              "version": "2.0",
              "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P",
              "metrics": {
                "baseScore": 1.7,
                "exploitabilityScore": 3.2,
                "impactScore": 2.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-1377",
              "epss": 0.00011,
              "percentile": 0.01444,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-1377",
              "cwe": "CWE-404",
              "source": "cna@vuldb.com",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "elfutils",
              "version": "0.194-2.el10_2"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-1377",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "2e4e64248e55a61e",
        "name": "elfutils-default-yama-scope",
        "version": "0.194-2.el10_2",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "GPL-2.0-or-later OR LGPL-3.0-or-later"
        ],
        "cpes": [
          "cpe:2.3:a:elfutils-default-yama-scope:elfutils-default-yama-scope:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:elfutils-default-yama-scope:elfutils_default_yama_scope:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:elfutils_default_yama_scope:elfutils-default-yama-scope:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:elfutils_default_yama_scope:elfutils_default_yama_scope:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:elfutils-default-yama:elfutils-default-yama-scope:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:elfutils-default-yama:elfutils_default_yama_scope:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:elfutils_default_yama:elfutils-default-yama-scope:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:elfutils_default_yama:elfutils_default_yama_scope:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:elfutils-default:elfutils-default-yama-scope:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:elfutils-default:elfutils_default_yama_scope:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:elfutils_default:elfutils-default-yama-scope:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:elfutils_default:elfutils_default_yama_scope:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:elfutils:elfutils-default-yama-scope:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:elfutils:elfutils_default_yama_scope:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:elfutils-default-yama-scope:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:elfutils_default_yama_scope:0.194-2.el10_2:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/elfutils-default-yama-scope@0.194-2.el10_2?arch=noarch&distro=rhel-10.2&upstream=elfutils-0.194-2.el10_2.src.rpm",
        "upstreams": [
          {
            "name": "elfutils",
            "version": "0.194-2.el10_2"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-1377",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1377",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was found in GNU elfutils. This vulnerability allows denial of service via manipulation of the gelf_getsymshndx function in strip.c.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "metrics": {
              "baseScore": 3.3,
              "exploitabilityScore": 1.9,
              "impactScore": 1.5
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-1377",
            "epss": 0.00011,
            "percentile": 0.01444,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-1377",
            "cwe": "CWE-404",
            "source": "cna@vuldb.com",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.0034649999999999993
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-1377",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1377",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://sourceware.org/bugzilla/attachment.cgi?id=15941",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=32673",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=32673#c2",
            "https://vuldb.com/?ctiid.295985",
            "https://vuldb.com/?id.295985",
            "https://vuldb.com/?submit.497539",
            "https://www.gnu.org/"
          ],
          "description": "A vulnerability, which was classified as problematic, has been found in GNU elfutils 0.192. This issue affects the function gelf_getsymshndx of the file strip.c of the component eu-strip. The manipulation leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is fbf1df9ca286de3323ae541973b08449f8d03aba. It is recommended to apply a patch to fix this issue.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 5.5,
                "exploitabilityScore": 1.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "cna@vuldb.com",
              "type": "Secondary",
              "version": "4.0",
              "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
              "metrics": {
                "baseScore": 4.8
              },
              "vendorMetadata": {}
            },
            {
              "source": "cna@vuldb.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "metrics": {
                "baseScore": 3.3,
                "exploitabilityScore": 1.9,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            },
            {
              "source": "cna@vuldb.com",
              "type": "Secondary",
              "version": "2.0",
              "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P",
              "metrics": {
                "baseScore": 1.7,
                "exploitabilityScore": 3.2,
                "impactScore": 2.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-1377",
              "epss": 0.00011,
              "percentile": 0.01444,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-1377",
              "cwe": "CWE-404",
              "source": "cna@vuldb.com",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "elfutils",
              "version": "0.194-2.el10_2"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-1377",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "60665ebb92b5bd06",
        "name": "elfutils-libelf",
        "version": "0.194-2.el10_2",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "GPL-2.0-or-later OR LGPL-3.0-or-later"
        ],
        "cpes": [
          "cpe:2.3:a:elfutils-libelf:elfutils-libelf:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:elfutils-libelf:elfutils_libelf:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:elfutils_libelf:elfutils-libelf:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:elfutils_libelf:elfutils_libelf:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:elfutils:elfutils-libelf:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:elfutils:elfutils_libelf:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:elfutils-libelf:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:elfutils_libelf:0.194-2.el10_2:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/elfutils-libelf@0.194-2.el10_2?arch=x86_64&distro=rhel-10.2&upstream=elfutils-0.194-2.el10_2.src.rpm",
        "upstreams": [
          {
            "name": "elfutils",
            "version": "0.194-2.el10_2"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-1377",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1377",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was found in GNU elfutils. This vulnerability allows denial of service via manipulation of the gelf_getsymshndx function in strip.c.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "metrics": {
              "baseScore": 3.3,
              "exploitabilityScore": 1.9,
              "impactScore": 1.5
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-1377",
            "epss": 0.00011,
            "percentile": 0.01444,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-1377",
            "cwe": "CWE-404",
            "source": "cna@vuldb.com",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.0034649999999999993
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-1377",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1377",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://sourceware.org/bugzilla/attachment.cgi?id=15941",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=32673",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=32673#c2",
            "https://vuldb.com/?ctiid.295985",
            "https://vuldb.com/?id.295985",
            "https://vuldb.com/?submit.497539",
            "https://www.gnu.org/"
          ],
          "description": "A vulnerability, which was classified as problematic, has been found in GNU elfutils 0.192. This issue affects the function gelf_getsymshndx of the file strip.c of the component eu-strip. The manipulation leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is fbf1df9ca286de3323ae541973b08449f8d03aba. It is recommended to apply a patch to fix this issue.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 5.5,
                "exploitabilityScore": 1.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "cna@vuldb.com",
              "type": "Secondary",
              "version": "4.0",
              "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
              "metrics": {
                "baseScore": 4.8
              },
              "vendorMetadata": {}
            },
            {
              "source": "cna@vuldb.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "metrics": {
                "baseScore": 3.3,
                "exploitabilityScore": 1.9,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            },
            {
              "source": "cna@vuldb.com",
              "type": "Secondary",
              "version": "2.0",
              "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P",
              "metrics": {
                "baseScore": 1.7,
                "exploitabilityScore": 3.2,
                "impactScore": 2.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-1377",
              "epss": 0.00011,
              "percentile": 0.01444,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-1377",
              "cwe": "CWE-404",
              "source": "cna@vuldb.com",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "elfutils",
              "version": "0.194-2.el10_2"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-1377",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "18662923440e4b0c",
        "name": "elfutils-libs",
        "version": "0.194-2.el10_2",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "GPL-2.0-or-later OR LGPL-3.0-or-later"
        ],
        "cpes": [
          "cpe:2.3:a:elfutils-libs:elfutils-libs:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:elfutils-libs:elfutils_libs:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:elfutils_libs:elfutils-libs:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:elfutils_libs:elfutils_libs:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:elfutils:elfutils-libs:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:elfutils:elfutils_libs:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:elfutils-libs:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:elfutils_libs:0.194-2.el10_2:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/elfutils-libs@0.194-2.el10_2?arch=x86_64&distro=rhel-10.2&upstream=elfutils-0.194-2.el10_2.src.rpm",
        "upstreams": [
          {
            "name": "elfutils",
            "version": "0.194-2.el10_2"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-5958",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-5958",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Medium",
        "urls": [],
        "description": "A Time-of-Check Time-of-Use (TOCTOU) race condition was found in GNU sed. When the -i (in-place) and --follow-symlinks options are used together, sed resolves the symlink but reopens the path for writing. An attacker with write access to the directory containing the symlink can swap it between the check and the open operations. If a privileged user executes sed in this manner on a path influenced by the attacker, it can lead to arbitrary file overwrites and potential privilege escalation.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
            "metrics": {
              "baseScore": 6.3,
              "exploitabilityScore": 1.1,
              "impactScore": 5.2
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-5958",
            "epss": 0.00006,
            "percentile": 0.00338,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-5958",
            "cwe": "CWE-367",
            "source": "cvd@cert.pl",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.00339
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-5958",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-5958",
          "namespace": "nvd:cpe",
          "severity": "Low",
          "urls": [
            "https://cert.pl/en/posts/2026/04/CVE-2026-5958",
            "https://www.gnu.org/software/sed/",
            "http://www.openwall.com/lists/oss-security/2026/05/13/1"
          ],
          "description": "When sed is invoked with both -i (in-place edit) and --follow-symlinks, the function open_next_file() performs two separate, non-atomic filesystem operations on the same path: \n1. resolves symlink to its target and stores the resolved path for determining when output is written,\n2. opens the original symlink path (not the resolved one) to read the file. \nBetween these two calls there is a race window. If an attacker atomically replaces the symlink with a different target during that window, sed will: read content from the new (attacker-chosen) symlink target and write the processed result to the path recorded in step 1. This can lead to arbitrary file overwrite with attacker-controlled content in the context of the sed process.\n\n\nThis issue was fixed in version 4.10.",
          "cvss": [
            {
              "source": "cvd@cert.pl",
              "type": "Secondary",
              "version": "4.0",
              "vector": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
              "metrics": {
                "baseScore": 2.1
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-5958",
              "epss": 0.00006,
              "percentile": 0.00338,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-5958",
              "cwe": "CWE-367",
              "source": "cvd@cert.pl",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "sed",
              "version": "0:4.9-5.el10"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-5958",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "09193087e19e75df",
        "name": "sed",
        "version": "4.9-5.el10",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "GPL-3.0-or-later"
        ],
        "cpes": [
          "cpe:2.3:a:redhat:sed:4.9-5.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:sed:sed:4.9-5.el10:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/sed@4.9-5.el10?arch=x86_64&distro=rhel-10.2&upstream=sed-4.9-5.el10.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-32776",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-32776",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in libexpat. A remote attacker could exploit this vulnerability by providing specially crafted XML content with empty external parameter entities. This could lead to a NULL pointer dereference, causing the application to crash and resulting in a Denial of Service (DoS).",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 6.2,
              "exploitabilityScore": 2.6,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-32776",
            "epss": 0.00006,
            "percentile": 0.00422,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-32776",
            "cwe": "CWE-476",
            "source": "cve@mitre.org",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.00336
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-32776",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-32776",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://github.com/libexpat/libexpat/pull/1158",
            "https://github.com/libexpat/libexpat/pull/1159"
          ],
          "description": "libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 5.5,
                "exploitabilityScore": 1.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "cve@mitre.org",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "metrics": {
                "baseScore": 4,
                "exploitabilityScore": 2.6,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-32776",
              "epss": 0.00006,
              "percentile": 0.00422,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-32776",
              "cwe": "CWE-476",
              "source": "cve@mitre.org",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "expat",
              "version": "0:2.7.3-1.el10_2.1"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-32776",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "777f6467c40e3cda",
        "name": "expat",
        "version": "2.7.3-1.el10_2.1",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "MIT"
        ],
        "cpes": [
          "cpe:2.3:a:redhat:expat:2.7.3-1.el10_2.1:*:*:*:*:*:*:*",
          "cpe:2.3:a:expat:expat:2.7.3-1.el10_2.1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/expat@2.7.3-1.el10_2.1?arch=x86_64&distro=rhel-10.2&upstream=expat-2.7.3-1.el10_2.1.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-2625",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-2625",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in rust-rpm-sequoia. An attacker can exploit this vulnerability by providing a specially crafted Red Hat Package Manager (RPM) file. During the RPM signature verification process, this crafted file can trigger an error in the OpenPGP signature parsing code, leading to an unconditional termination of the rpm process. This issue results in an application level denial of service, making the system unable to process RPM files for signature verification.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "metrics": {
              "baseScore": 4,
              "exploitabilityScore": 2.6,
              "impactScore": 1.5
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-2625",
            "epss": 0.00007,
            "percentile": 0.00685,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-2625",
            "cwe": "CWE-347",
            "source": "secalert@redhat.com",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.00315
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-2625",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2625",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://access.redhat.com/errata/RHSA-2026:12682",
            "https://access.redhat.com/security/cve/CVE-2026-2625",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2440357"
          ],
          "description": "A flaw was found in rust-rpm-sequoia. An attacker can exploit this vulnerability by providing a specially crafted Red Hat Package Manager (RPM) file. During the RPM signature verification process, this crafted file can trigger an error in the OpenPGP signature parsing code, leading to an unconditional termination of the rpm process. This issue results in an application level denial of service, making the system unable to process RPM files for signature verification.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 5.5,
                "exploitabilityScore": 1.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "secalert@redhat.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "metrics": {
                "baseScore": 4,
                "exploitabilityScore": 2.6,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-2625",
              "epss": 0.00007,
              "percentile": 0.00685,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-2625",
              "cwe": "CWE-347",
              "source": "secalert@redhat.com",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "rust-rpm-sequoia",
              "version": "1.10.1.1-2.el10"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-2625",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "145d1c4db64e86b8",
        "name": "rpm-sequoia",
        "version": "1.10.1.1-2.el10",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "LGPL-2.0-or-later AND Apache-2.0 AND BSL-1.0 AND MIT AND Unicode-DFS-2016 AND (Apache-2.0 OR MIT) AND (MIT OR Apache-2.0 OR Zlib) AND (Unlicense OR MIT)"
        ],
        "cpes": [
          "cpe:2.3:a:rpm-sequoia:rpm-sequoia:1.10.1.1-2.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:rpm-sequoia:rpm_sequoia:1.10.1.1-2.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:rpm_sequoia:rpm-sequoia:1.10.1.1-2.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:rpm_sequoia:rpm_sequoia:1.10.1.1-2.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:rpm-sequoia:1.10.1.1-2.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:rpm_sequoia:1.10.1.1-2.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:rpm:rpm-sequoia:1.10.1.1-2.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:rpm:rpm_sequoia:1.10.1.1-2.el10:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/rpm-sequoia@1.10.1.1-2.el10?arch=x86_64&distro=rhel-10.2&upstream=rust-rpm-sequoia-1.10.1.1-2.el10.src.rpm",
        "upstreams": [
          {
            "name": "rust-rpm-sequoia",
            "version": "1.10.1.1-2.el10"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-32778",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-32778",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in libexpat. This vulnerability allows an attacker to trigger a NULL pointer dereference in the `setContext` function. This occurs when the system attempts to retry an operation after an out-of-memory condition, which can lead to a Denial of Service (DoS) for the affected application.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 5.1,
              "exploitabilityScore": 1.5,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-32778",
            "epss": 0.00006,
            "percentile": 0.00422,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-32778",
            "cwe": "CWE-476",
            "source": "cve@mitre.org",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.00303
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-32778",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-32778",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://github.com/libexpat/libexpat/pull/1159",
            "https://github.com/libexpat/libexpat/pull/1163"
          ],
          "description": "libexpat before 2.7.5 allows a NULL pointer dereference in the function setContext on retry after an earlier out-of-memory condition.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 5.5,
                "exploitabilityScore": 1.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "cve@mitre.org",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "metrics": {
                "baseScore": 2.9,
                "exploitabilityScore": 1.5,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-32778",
              "epss": 0.00006,
              "percentile": 0.00422,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-32778",
              "cwe": "CWE-476",
              "source": "cve@mitre.org",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "expat",
              "version": "0:2.7.3-1.el10_2.1"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-32778",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "777f6467c40e3cda",
        "name": "expat",
        "version": "2.7.3-1.el10_2.1",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "MIT"
        ],
        "cpes": [
          "cpe:2.3:a:redhat:expat:2.7.3-1.el10_2.1:*:*:*:*:*:*:*",
          "cpe:2.3:a:expat:expat:2.7.3-1.el10_2.1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/expat@2.7.3-1.el10_2.1?arch=x86_64&distro=rhel-10.2&upstream=expat-2.7.3-1.el10_2.1.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-66382",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66382",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was found in libexpat. This vulnerability allows a denial of service (DoS) by processing a crafted file with an approximate size of 2 MiB, leading to dozens of seconds of processing time.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "metrics": {
              "baseScore": 2.9,
              "exploitabilityScore": 1.5,
              "impactScore": 1.5
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-66382",
            "epss": 0.0001,
            "percentile": 0.01252,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-66382",
            "cwe": "CWE-407",
            "source": "cve@mitre.org",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.00295
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-66382",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66382",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://github.com/libexpat/libexpat/issues/1076",
            "http://www.openwall.com/lists/oss-security/2025/12/02/1",
            "https://cert-portal.siemens.com/productcert/html/ssa-082556.html",
            "https://cert-portal.siemens.com/productcert/html/ssa-253495.html"
          ],
          "description": "In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 5.5,
                "exploitabilityScore": 1.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "cve@mitre.org",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "metrics": {
                "baseScore": 2.9,
                "exploitabilityScore": 1.5,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-66382",
              "epss": 0.0001,
              "percentile": 0.01252,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-66382",
              "cwe": "CWE-407",
              "source": "cve@mitre.org",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "expat",
              "version": "0:2.7.3-1.el10_2.1"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-66382",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "777f6467c40e3cda",
        "name": "expat",
        "version": "2.7.3-1.el10_2.1",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "MIT"
        ],
        "cpes": [
          "cpe:2.3:a:redhat:expat:2.7.3-1.el10_2.1:*:*:*:*:*:*:*",
          "cpe:2.3:a:expat:expat:2.7.3-1.el10_2.1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/expat@2.7.3-1.el10_2.1?arch=x86_64&distro=rhel-10.2&upstream=expat-2.7.3-1.el10_2.1.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-1376",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1376",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was found in GNU elfutils. This vulnerability allows denial of service via manipulation of the function elf_strptr in /libelf/elf_strptr.c.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "metrics": {
              "baseScore": 2.5,
              "exploitabilityScore": 1.1,
              "impactScore": 1.5
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-1376",
            "epss": 0.0001,
            "percentile": 0.01138,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-1376",
            "cwe": "CWE-404",
            "source": "cna@vuldb.com",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.0027500000000000003
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-1376",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1376",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://sourceware.org/bugzilla/attachment.cgi?id=15940",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=32672",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=32672#c3",
            "https://vuldb.com/?ctiid.295984",
            "https://vuldb.com/?id.295984",
            "https://vuldb.com/?submit.497538",
            "https://www.gnu.org/",
            "https://cert-portal.siemens.com/productcert/html/ssa-253495.html"
          ],
          "description": "A vulnerability classified as problematic was found in GNU elfutils 0.192. This vulnerability affects the function elf_strptr in the library /libelf/elf_strptr.c of the component eu-strip. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is b16f441cca0a4841050e3215a9f120a6d8aea918. It is recommended to apply a patch to fix this issue.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 4.7,
                "exploitabilityScore": 1.1,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "cna@vuldb.com",
              "type": "Secondary",
              "version": "4.0",
              "vector": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
              "metrics": {
                "baseScore": 2
              },
              "vendorMetadata": {}
            },
            {
              "source": "cna@vuldb.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "metrics": {
                "baseScore": 2.5,
                "exploitabilityScore": 1.1,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            },
            {
              "source": "cna@vuldb.com",
              "type": "Secondary",
              "version": "2.0",
              "vector": "AV:L/AC:H/Au:S/C:N/I:N/A:P",
              "metrics": {
                "baseScore": 1,
                "exploitabilityScore": 1.6,
                "impactScore": 2.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-1376",
              "epss": 0.0001,
              "percentile": 0.01138,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-1376",
              "cwe": "CWE-404",
              "source": "cna@vuldb.com",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "elfutils",
              "version": "0.194-2.el10_2"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-1376",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "039e6208aa0e25c7",
        "name": "elfutils-debuginfod-client",
        "version": "0.194-2.el10_2",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "GPL-3.0-or-later AND (GPL-2.0-or-later OR LGPL-3.0-or-later)"
        ],
        "cpes": [
          "cpe:2.3:a:elfutils-debuginfod-client:elfutils-debuginfod-client:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:elfutils-debuginfod-client:elfutils_debuginfod_client:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:elfutils_debuginfod_client:elfutils-debuginfod-client:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:elfutils_debuginfod_client:elfutils_debuginfod_client:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:elfutils-debuginfod:elfutils-debuginfod-client:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:elfutils-debuginfod:elfutils_debuginfod_client:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:elfutils_debuginfod:elfutils-debuginfod-client:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:elfutils_debuginfod:elfutils_debuginfod_client:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:elfutils:elfutils-debuginfod-client:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:elfutils:elfutils_debuginfod_client:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:elfutils-debuginfod-client:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:elfutils_debuginfod_client:0.194-2.el10_2:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/elfutils-debuginfod-client@0.194-2.el10_2?arch=x86_64&distro=rhel-10.2&upstream=elfutils-0.194-2.el10_2.src.rpm",
        "upstreams": [
          {
            "name": "elfutils",
            "version": "0.194-2.el10_2"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-1376",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1376",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was found in GNU elfutils. This vulnerability allows denial of service via manipulation of the function elf_strptr in /libelf/elf_strptr.c.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "metrics": {
              "baseScore": 2.5,
              "exploitabilityScore": 1.1,
              "impactScore": 1.5
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-1376",
            "epss": 0.0001,
            "percentile": 0.01138,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-1376",
            "cwe": "CWE-404",
            "source": "cna@vuldb.com",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.0027500000000000003
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-1376",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1376",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://sourceware.org/bugzilla/attachment.cgi?id=15940",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=32672",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=32672#c3",
            "https://vuldb.com/?ctiid.295984",
            "https://vuldb.com/?id.295984",
            "https://vuldb.com/?submit.497538",
            "https://www.gnu.org/",
            "https://cert-portal.siemens.com/productcert/html/ssa-253495.html"
          ],
          "description": "A vulnerability classified as problematic was found in GNU elfutils 0.192. This vulnerability affects the function elf_strptr in the library /libelf/elf_strptr.c of the component eu-strip. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is b16f441cca0a4841050e3215a9f120a6d8aea918. It is recommended to apply a patch to fix this issue.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 4.7,
                "exploitabilityScore": 1.1,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "cna@vuldb.com",
              "type": "Secondary",
              "version": "4.0",
              "vector": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
              "metrics": {
                "baseScore": 2
              },
              "vendorMetadata": {}
            },
            {
              "source": "cna@vuldb.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "metrics": {
                "baseScore": 2.5,
                "exploitabilityScore": 1.1,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            },
            {
              "source": "cna@vuldb.com",
              "type": "Secondary",
              "version": "2.0",
              "vector": "AV:L/AC:H/Au:S/C:N/I:N/A:P",
              "metrics": {
                "baseScore": 1,
                "exploitabilityScore": 1.6,
                "impactScore": 2.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-1376",
              "epss": 0.0001,
              "percentile": 0.01138,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-1376",
              "cwe": "CWE-404",
              "source": "cna@vuldb.com",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "elfutils",
              "version": "0.194-2.el10_2"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-1376",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "2e4e64248e55a61e",
        "name": "elfutils-default-yama-scope",
        "version": "0.194-2.el10_2",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "GPL-2.0-or-later OR LGPL-3.0-or-later"
        ],
        "cpes": [
          "cpe:2.3:a:elfutils-default-yama-scope:elfutils-default-yama-scope:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:elfutils-default-yama-scope:elfutils_default_yama_scope:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:elfutils_default_yama_scope:elfutils-default-yama-scope:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:elfutils_default_yama_scope:elfutils_default_yama_scope:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:elfutils-default-yama:elfutils-default-yama-scope:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:elfutils-default-yama:elfutils_default_yama_scope:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:elfutils_default_yama:elfutils-default-yama-scope:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:elfutils_default_yama:elfutils_default_yama_scope:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:elfutils-default:elfutils-default-yama-scope:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:elfutils-default:elfutils_default_yama_scope:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:elfutils_default:elfutils-default-yama-scope:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:elfutils_default:elfutils_default_yama_scope:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:elfutils:elfutils-default-yama-scope:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:elfutils:elfutils_default_yama_scope:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:elfutils-default-yama-scope:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:elfutils_default_yama_scope:0.194-2.el10_2:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/elfutils-default-yama-scope@0.194-2.el10_2?arch=noarch&distro=rhel-10.2&upstream=elfutils-0.194-2.el10_2.src.rpm",
        "upstreams": [
          {
            "name": "elfutils",
            "version": "0.194-2.el10_2"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-1376",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1376",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was found in GNU elfutils. This vulnerability allows denial of service via manipulation of the function elf_strptr in /libelf/elf_strptr.c.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "metrics": {
              "baseScore": 2.5,
              "exploitabilityScore": 1.1,
              "impactScore": 1.5
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-1376",
            "epss": 0.0001,
            "percentile": 0.01138,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-1376",
            "cwe": "CWE-404",
            "source": "cna@vuldb.com",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.0027500000000000003
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-1376",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1376",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://sourceware.org/bugzilla/attachment.cgi?id=15940",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=32672",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=32672#c3",
            "https://vuldb.com/?ctiid.295984",
            "https://vuldb.com/?id.295984",
            "https://vuldb.com/?submit.497538",
            "https://www.gnu.org/",
            "https://cert-portal.siemens.com/productcert/html/ssa-253495.html"
          ],
          "description": "A vulnerability classified as problematic was found in GNU elfutils 0.192. This vulnerability affects the function elf_strptr in the library /libelf/elf_strptr.c of the component eu-strip. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is b16f441cca0a4841050e3215a9f120a6d8aea918. It is recommended to apply a patch to fix this issue.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 4.7,
                "exploitabilityScore": 1.1,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "cna@vuldb.com",
              "type": "Secondary",
              "version": "4.0",
              "vector": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
              "metrics": {
                "baseScore": 2
              },
              "vendorMetadata": {}
            },
            {
              "source": "cna@vuldb.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "metrics": {
                "baseScore": 2.5,
                "exploitabilityScore": 1.1,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            },
            {
              "source": "cna@vuldb.com",
              "type": "Secondary",
              "version": "2.0",
              "vector": "AV:L/AC:H/Au:S/C:N/I:N/A:P",
              "metrics": {
                "baseScore": 1,
                "exploitabilityScore": 1.6,
                "impactScore": 2.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-1376",
              "epss": 0.0001,
              "percentile": 0.01138,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-1376",
              "cwe": "CWE-404",
              "source": "cna@vuldb.com",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "elfutils",
              "version": "0.194-2.el10_2"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-1376",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "60665ebb92b5bd06",
        "name": "elfutils-libelf",
        "version": "0.194-2.el10_2",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "GPL-2.0-or-later OR LGPL-3.0-or-later"
        ],
        "cpes": [
          "cpe:2.3:a:elfutils-libelf:elfutils-libelf:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:elfutils-libelf:elfutils_libelf:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:elfutils_libelf:elfutils-libelf:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:elfutils_libelf:elfutils_libelf:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:elfutils:elfutils-libelf:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:elfutils:elfutils_libelf:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:elfutils-libelf:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:elfutils_libelf:0.194-2.el10_2:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/elfutils-libelf@0.194-2.el10_2?arch=x86_64&distro=rhel-10.2&upstream=elfutils-0.194-2.el10_2.src.rpm",
        "upstreams": [
          {
            "name": "elfutils",
            "version": "0.194-2.el10_2"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-1376",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1376",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was found in GNU elfutils. This vulnerability allows denial of service via manipulation of the function elf_strptr in /libelf/elf_strptr.c.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "metrics": {
              "baseScore": 2.5,
              "exploitabilityScore": 1.1,
              "impactScore": 1.5
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-1376",
            "epss": 0.0001,
            "percentile": 0.01138,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-1376",
            "cwe": "CWE-404",
            "source": "cna@vuldb.com",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.0027500000000000003
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-1376",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1376",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://sourceware.org/bugzilla/attachment.cgi?id=15940",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=32672",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=32672#c3",
            "https://vuldb.com/?ctiid.295984",
            "https://vuldb.com/?id.295984",
            "https://vuldb.com/?submit.497538",
            "https://www.gnu.org/",
            "https://cert-portal.siemens.com/productcert/html/ssa-253495.html"
          ],
          "description": "A vulnerability classified as problematic was found in GNU elfutils 0.192. This vulnerability affects the function elf_strptr in the library /libelf/elf_strptr.c of the component eu-strip. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is b16f441cca0a4841050e3215a9f120a6d8aea918. It is recommended to apply a patch to fix this issue.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 4.7,
                "exploitabilityScore": 1.1,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "cna@vuldb.com",
              "type": "Secondary",
              "version": "4.0",
              "vector": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
              "metrics": {
                "baseScore": 2
              },
              "vendorMetadata": {}
            },
            {
              "source": "cna@vuldb.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "metrics": {
                "baseScore": 2.5,
                "exploitabilityScore": 1.1,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            },
            {
              "source": "cna@vuldb.com",
              "type": "Secondary",
              "version": "2.0",
              "vector": "AV:L/AC:H/Au:S/C:N/I:N/A:P",
              "metrics": {
                "baseScore": 1,
                "exploitabilityScore": 1.6,
                "impactScore": 2.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-1376",
              "epss": 0.0001,
              "percentile": 0.01138,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-1376",
              "cwe": "CWE-404",
              "source": "cna@vuldb.com",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "elfutils",
              "version": "0.194-2.el10_2"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-1376",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "18662923440e4b0c",
        "name": "elfutils-libs",
        "version": "0.194-2.el10_2",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "GPL-2.0-or-later OR LGPL-3.0-or-later"
        ],
        "cpes": [
          "cpe:2.3:a:elfutils-libs:elfutils-libs:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:elfutils-libs:elfutils_libs:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:elfutils_libs:elfutils-libs:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:elfutils_libs:elfutils_libs:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:elfutils:elfutils-libs:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:elfutils:elfutils_libs:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:elfutils-libs:0.194-2.el10_2:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:elfutils_libs:0.194-2.el10_2:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/elfutils-libs@0.194-2.el10_2?arch=x86_64&distro=rhel-10.2&upstream=elfutils-0.194-2.el10_2.src.rpm",
        "upstreams": [
          {
            "name": "elfutils",
            "version": "0.194-2.el10_2"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-32777",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-32777",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in libexpat. A remote attacker could exploit this vulnerability by providing specially crafted Document Type Definition (DTD) content. This could lead to an infinite loop during parsing, resulting in a Denial of Service (DoS) for the application using libexpat.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "metrics": {
              "baseScore": 4,
              "exploitabilityScore": 2.6,
              "impactScore": 1.5
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-32777",
            "epss": 0.00006,
            "percentile": 0.00319,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-32777",
            "cwe": "CWE-835",
            "source": "cve@mitre.org",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.0027
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-32777",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-32777",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://github.com/libexpat/libexpat/issues/1161",
            "https://github.com/libexpat/libexpat/pull/1159",
            "https://github.com/libexpat/libexpat/pull/1162",
            "https://issues.oss-fuzz.com/issues/486993411"
          ],
          "description": "libexpat before 2.7.5 allows an infinite loop while parsing DTD content.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 5.5,
                "exploitabilityScore": 1.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "cve@mitre.org",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "metrics": {
                "baseScore": 4,
                "exploitabilityScore": 2.6,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-32777",
              "epss": 0.00006,
              "percentile": 0.00319,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-32777",
              "cwe": "CWE-835",
              "source": "cve@mitre.org",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "expat",
              "version": "0:2.7.3-1.el10_2.1"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-32777",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "777f6467c40e3cda",
        "name": "expat",
        "version": "2.7.3-1.el10_2.1",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "MIT"
        ],
        "cpes": [
          "cpe:2.3:a:redhat:expat:2.7.3-1.el10_2.1:*:*:*:*:*:*:*",
          "cpe:2.3:a:expat:expat:2.7.3-1.el10_2.1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/expat@2.7.3-1.el10_2.1?arch=x86_64&distro=rhel-10.2&upstream=expat-2.7.3-1.el10_2.1.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-0989",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested <include> directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "metrics": {
              "baseScore": 3.7,
              "exploitabilityScore": 2.3,
              "impactScore": 1.5
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-0989",
            "epss": 0.00008,
            "percentile": 0.00784,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-0989",
            "cwe": "CWE-674",
            "source": "secalert@redhat.com",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.00268
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-0989",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989",
          "namespace": "nvd:cpe",
          "severity": "Low",
          "urls": [
            "https://access.redhat.com/errata/RHSA-2026:7519",
            "https://access.redhat.com/security/cve/CVE-2026-0989",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2429933",
            "https://gitlab.gnome.org/GNOME/libxml2/-/issues/998"
          ],
          "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested <include> directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.",
          "cvss": [
            {
              "source": "secalert@redhat.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "metrics": {
                "baseScore": 3.7,
                "exploitabilityScore": 2.3,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-0989",
              "epss": 0.00008,
              "percentile": 0.00784,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-0989",
              "cwe": "CWE-674",
              "source": "secalert@redhat.com",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "libxml2",
              "version": "0:2.12.5-10.el10"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-0989",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "fd8a4e4169e6e582",
        "name": "libxml2",
        "version": "2.12.5-10.el10",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "MIT AND ISC-Veillard AND W3C"
        ],
        "cpes": [
          "cpe:2.3:a:libxml2:libxml2:2.12.5-10.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libxml2:2.12.5-10.el10:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/libxml2@2.12.5-10.el10?arch=x86_64&distro=rhel-10.2&upstream=libxml2-2.12.5-10.el10.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-5745",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-5745",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in libarchive. A NULL pointer dereference vulnerability exists in the ACL parsing logic, specifically within the archive_acl_from_text_nl() function. When processing a malformed ACL string (such as a bare \"d\" or \"default\" tag without subsequent fields), the function fails to perform adequate validation before advancing the pointer. An attacker can exploit this by providing a maliciously crafted archive, causing an application utilizing the libarchive API (such as bsdtar) to crash, resulting in a Denial of Service (DoS).",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 5.5,
              "exploitabilityScore": 1.9,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-5745",
            "epss": 0.00005,
            "percentile": 0.00256,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-5745",
            "cwe": "CWE-476",
            "source": "secalert@redhat.com",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.002625
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-5745",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-5745",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://access.redhat.com/errata/RHSA-2026:8944",
            "https://access.redhat.com/security/cve/CVE-2026-5745",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2455921"
          ],
          "description": "A flaw was found in libarchive. A NULL pointer dereference vulnerability exists in the ACL parsing logic, specifically within the archive_acl_from_text_nl() function. When processing a malformed ACL string (such as a bare \"d\" or \"default\" tag without subsequent fields), the function fails to perform adequate validation before advancing the pointer. An attacker can exploit this by providing a maliciously crafted archive, causing an application utilizing the libarchive API (such as bsdtar) to crash, resulting in a Denial of Service (DoS).",
          "cvss": [
            {
              "source": "secalert@redhat.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 5.5,
                "exploitabilityScore": 1.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-5745",
              "epss": 0.00005,
              "percentile": 0.00256,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-5745",
              "cwe": "CWE-476",
              "source": "secalert@redhat.com",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "libarchive",
              "version": "0:3.7.7-8.el10_1"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-5745",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "1275a237f54746d8",
        "name": "libarchive",
        "version": "3.7.7-8.el10_1",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "BSD-2-Clause AND FSFULLR AND GPL-2.0-or-later WITH Libtool-exception AND BSD-3-Clause AND FSFUL"
        ],
        "cpes": [
          "cpe:2.3:a:libarchive:libarchive:3.7.7-8.el10_1:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libarchive:3.7.7-8.el10_1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/libarchive@3.7.7-8.el10_1?arch=x86_64&distro=rhel-10.2&upstream=libarchive-3.7.7-8.el10_1.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-24515",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24515",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Low",
        "urls": [],
        "description": "A null pointer dereference flaw has been discovered in libexpat. The function `XML_ExternalEntityParserCreate` failed to copy the encoding handler data passed to XML_SetUnknownEncodingHandler from the parent to the new subparser. This can cause a NULL dereference from external entities that declare use of an unknown encoding. The expected impact is denial of service. It takes use of both functions `XML_ExternalEntityParserCreate` and `XML_SetUnknownEncodingHandler` for an application to be vulnerable.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "metrics": {
              "baseScore": 2.9,
              "exploitabilityScore": 1.5,
              "impactScore": 1.5
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-24515",
            "epss": 0.00007,
            "percentile": 0.00562,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-24515",
            "cwe": "CWE-476",
            "source": "cve@mitre.org",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.0020649999999999996
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-24515",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24515",
          "namespace": "nvd:cpe",
          "severity": "Low",
          "urls": [
            "https://github.com/libexpat/libexpat/pull/1131",
            "https://cert-portal.siemens.com/productcert/html/ssa-253495.html"
          ],
          "description": "In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "metrics": {
                "baseScore": 2.5,
                "exploitabilityScore": 1.1,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            },
            {
              "source": "cve@mitre.org",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "metrics": {
                "baseScore": 2.9,
                "exploitabilityScore": 1.5,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-24515",
              "epss": 0.00007,
              "percentile": 0.00562,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-24515",
              "cwe": "CWE-476",
              "source": "cve@mitre.org",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "expat",
              "version": "0:2.7.3-1.el10_2.1"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-24515",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "777f6467c40e3cda",
        "name": "expat",
        "version": "2.7.3-1.el10_2.1",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "MIT"
        ],
        "cpes": [
          "cpe:2.3:a:redhat:expat:2.7.3-1.el10_2.1:*:*:*:*:*:*:*",
          "cpe:2.3:a:expat:expat:2.7.3-1.el10_2.1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/expat@2.7.3-1.el10_2.1?arch=x86_64&distro=rhel-10.2&upstream=expat-2.7.3-1.el10_2.1.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-14017",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "metrics": {
              "baseScore": 4.8,
              "exploitabilityScore": 2.3,
              "impactScore": 2.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-14017",
            "epss": 0.00003,
            "percentile": 0.00077,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-14017",
            "cwe": "NVD-CWE-Other",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.00147
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-14017",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://curl.se/docs/CVE-2025-14017.html",
            "https://curl.se/docs/CVE-2025-14017.json",
            "http://www.openwall.com/lists/oss-security/2026/01/07/3"
          ],
          "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
              "metrics": {
                "baseScore": 6.3,
                "exploitabilityScore": 1.1,
                "impactScore": 5.2
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-14017",
              "epss": 0.00003,
              "percentile": 0.00077,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-14017",
              "cwe": "NVD-CWE-Other",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "curl",
              "version": "0:8.12.1-4.el10"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-14017",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "134f672de8a7541b",
        "name": "curl",
        "version": "8.12.1-4.el10",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "curl"
        ],
        "cpes": [
          "cpe:2.3:a:redhat:curl:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:curl:curl:8.12.1-4.el10:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/curl@8.12.1-4.el10?arch=x86_64&distro=rhel-10.2&upstream=curl-8.12.1-4.el10.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-14017",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017",
        "namespace": "redhat:distro:redhat:10",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "metrics": {
              "baseScore": 4.8,
              "exploitabilityScore": 2.3,
              "impactScore": 2.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-14017",
            "epss": 0.00003,
            "percentile": 0.00077,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-14017",
            "cwe": "NVD-CWE-Other",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.00147
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-14017",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://curl.se/docs/CVE-2025-14017.html",
            "https://curl.se/docs/CVE-2025-14017.json",
            "http://www.openwall.com/lists/oss-security/2026/01/07/3"
          ],
          "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
              "metrics": {
                "baseScore": 6.3,
                "exploitabilityScore": 1.1,
                "impactScore": 5.2
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-14017",
              "epss": 0.00003,
              "percentile": 0.00077,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-14017",
              "cwe": "NVD-CWE-Other",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "10.2"
            },
            "package": {
              "name": "curl",
              "version": "8.12.1-4.el10"
            },
            "namespace": "redhat:distro:redhat:10"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-14017",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "e0443590b9f5633b",
        "name": "libcurl-minimal",
        "version": "8.12.1-4.el10",
        "type": "rpm",
        "locations": [
          {
            "path": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "layerID": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
            "accessPath": "/usr/lib/sysimage/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "curl"
        ],
        "cpes": [
          "cpe:2.3:a:libcurl-minimal:libcurl-minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl-minimal:libcurl_minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl_minimal:libcurl-minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl_minimal:libcurl_minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl:libcurl-minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl:libcurl_minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libcurl-minimal:8.12.1-4.el10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libcurl_minimal:8.12.1-4.el10:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/libcurl-minimal@8.12.1-4.el10?arch=x86_64&distro=rhel-10.2&upstream=curl-8.12.1-4.el10.src.rpm",
        "upstreams": [
          {
            "name": "curl",
            "version": "8.12.1-4.el10"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    }
  ],
  "source": {
    "type": "image",
    "target": {
      "userInput": "ghcr.io/telemetryforge/agent:26.6.3",
      "imageID": "sha256:f0008c4ab2dc7ef9a98ac41b093d6afd54ec8c21ca13e32f2c7e638016638bb9",
      "manifestDigest": "sha256:21e10c27cf1bca14efd4a15821205d974170eadd06cecbb22beb7ba9af85c444",
      "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
      "tags": [
        "ghcr.io/telemetryforge/agent:26.6.3"
      ],
      "imageSize": 179147616,
      "layers": [
        {
          "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
          "digest": "sha256:868c414221389b90bff9d134398fead5e4f602550b4564f5648c11b36f66e0ae",
          "size": 86195581
        },
        {
          "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
          "digest": "sha256:a93d2b64063fd692b9e1b99caaf49bba9ce29950e6927b3ebdacdab077e3d088",
          "size": 68302570
        },
        {
          "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
          "digest": "sha256:ae78c325a02623ed766f1b322605913c1108feff82692bf48fb73e0834c60c55",
          "size": 10174
        },
        {
          "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
          "digest": "sha256:475486e25d8e77e2ec7bc1a5161d2349852358037684945bd47564bc1c3a02bc",
          "size": 8368
        },
        {
          "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
          "digest": "sha256:a5a0b8bbac0672cf2dbcec96cc9c20733fa598fb8afa9a2932d27f6115f41c2d",
          "size": 20605063
        },
        {
          "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
          "digest": "sha256:cc6e9912a84dba1d21aee4dd2e86a018936b72ade4d26d5b2a15d525d8de86cb",
          "size": 1795504
        },
        {
          "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
          "digest": "sha256:f1ef98fd7150348e3298c4cb7869da86e63fbafd75b3520068dda90c487fb23e",
          "size": 1113032
        },
        {
          "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
          "digest": "sha256:9cf8e3033335b61ba6cc8f2f4be13a6fd78ef154dc26ab49faacd3e2df7af09a",
          "size": 15676
        },
        {
          "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
          "digest": "sha256:f55d2000f2b0bc4527d5801ce283e6ea9e972248c20e40004bb0a37b04a5bc7f",
          "size": 0
        },
        {
          "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
          "digest": "sha256:90bb233494c452c0a10f71007ed2bb9f96a5cf5563122f821147e3b4cd2758ba",
          "size": 581
        },
        {
          "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
          "digest": "sha256:5e95c019ea8843ba75b189195fa0e3a543aceac1a95a41a5bc3a38909fdc59f2",
          "size": 581
        },
        {
          "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
          "digest": "sha256:50f441139122bef6999c74211f2541c0bcccdd1bedbf48be3c63d379c0e270b4",
          "size": 1095694
        },
        {
          "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
          "digest": "sha256:a7700d7fdc03fb310a97d71a673be4e1ce67e0b7d7f2d5a665aa9385fccb95d1",
          "size": 4792
        }
      ],
      "repoDigests": [
        "ghcr.io/telemetryforge/agent@sha256:0f24c72c7a8a144fd9cb2d3f3a54b20f64c96d5423c7f22b9596ca72a4204cb2"
      ],
      "architecture": "amd64",
      "os": "linux",
      "labels": {
        "architecture": "x86_64",
        "build-date": "20260615-120218",
        "com.redhat.component": "ubi10-minimal-container",
        "com.redhat.license_terms": "https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI",
        "cpe": "cpe:/o:redhat:enterprise_linux:10.2",
        "description": "Telemetry Forge Agent is a stable, secure by default, OSS (Apache-licensed) downstream distribution of Fluent Bit with predictable releases and long-term supported versions for 24 months.",
        "distribution-scope": "public",
        "io.buildah.version": "1.42.2",
        "io.k8s.description": "Telemetry Forge Agent is a stable, secure by default, OSS (Apache-licensed) downstream distribution of Fluent Bit with predictable releases and long-term supported versions for 24 months.",
        "io.k8s.display-name": "Telemetry Forge Agent",
        "io.openshift.expose-services": "",
        "io.openshift.tags": "observability,logging,log-aggregation,telemetryforge,fluent-bit",
        "maintainer": "Telemetry Forge via info@telemetryforge.io",
        "name": "Telemetry Forge Agent",
        "org.opencontainers.image.created": "2026-06-15T12:02:18.590Z",
        "org.opencontainers.image.description": "Telemetry Forge Agent is a stable, secure by default, OSS (Apache-licensed) downstream distribution of Fluent Bit with predictable releases and long-term supported versions for 24 months.",
        "org.opencontainers.image.licenses": "",
        "org.opencontainers.image.revision": "1ccae67eabf33e39b99240b924520cc707a95dc6",
        "org.opencontainers.image.source": "https://github.com/telemetryforge/agent",
        "org.opencontainers.image.title": "agent",
        "org.opencontainers.image.url": "https://github.com/telemetryforge/agent",
        "org.opencontainers.image.version": "v26.6.3",
        "release": "1781509346",
        "summary": "Telemetry Forge Agent is an Enterprise hardened version of Fluent Bit",
        "url": "https://telemetryforge.io",
        "vcs-ref": "a079bd1cc91523a60704cf840463d737ba8b63de",
        "vcs-type": "git",
        "vendor": "Telemetry Forge at https://telemetryforge.io",
        "version": "26.6.3"
      }
    }
  },
  "distro": {
    "name": "redhat",
    "version": "10.2",
    "idLike": [
      "centos",
      "fedora"
    ]
  },
  "descriptor": {
    "name": "grype",
    "version": "0.114.0",
    "configuration": {
      "output": [
        "json"
      ],
      "file": "agent/security/agent/grype-26.6.3.json",
      "pretty": true,
      "distro": "",
      "add-cpes-if-none": false,
      "output-template-file": "",
      "check-for-app-update": true,
      "only-fixed": false,
      "only-notfixed": false,
      "ignore-wontfix": "",
      "platform": "",
      "search": {
        "scope": "squashed",
        "unindexed-archives": false,
        "indexed-archives": true
      },
      "ignore": [
        {
          "vulnerability": "",
          "include-aliases": false,
          "reason": "",
          "namespace": "",
          "fix-state": "",
          "package": {
            "name": "kernel-headers",
            "version": "",
            "language": "",
            "type": "rpm",
            "location": "",
            "upstream-name": "kernel"
          },
          "vex-status": "",
          "vex-justification": "",
          "match-type": "exact-indirect-match"
        },
        {
          "vulnerability": "",
          "include-aliases": false,
          "reason": "",
          "namespace": "",
          "fix-state": "",
          "package": {
            "name": "linux(-.*)?-headers-.*",
            "version": "",
            "language": "",
            "type": "deb",
            "location": "",
            "upstream-name": "linux.*"
          },
          "vex-status": "",
          "vex-justification": "",
          "match-type": "exact-indirect-match"
        },
        {
          "vulnerability": "",
          "include-aliases": false,
          "reason": "",
          "namespace": "",
          "fix-state": "",
          "package": {
            "name": "linux-libc-dev",
            "version": "",
            "language": "",
            "type": "deb",
            "location": "",
            "upstream-name": "linux"
          },
          "vex-status": "",
          "vex-justification": "",
          "match-type": "exact-indirect-match"
        }
      ],
      "exclude": [],
      "externalSources": {
        "enable": false,
        "maven": {
          "searchUpstreamBySha1": true,
          "baseUrl": "https://search.maven.org/solrsearch/select",
          "rateLimit": 300000000
        }
      },
      "match": {
        "java": {
          "using-cpes": false
        },
        "jvm": {
          "using-cpes": true
        },
        "dotnet": {
          "using-cpes": false
        },
        "golang": {
          "using-cpes": false,
          "always-use-cpe-for-stdlib": true,
          "allow-main-module-pseudo-version-comparison": false
        },
        "javascript": {
          "using-cpes": false
        },
        "python": {
          "using-cpes": false
        },
        "ruby": {
          "using-cpes": false
        },
        "rust": {
          "using-cpes": false
        },
        "hex": {
          "using-cpes": false
        },
        "stock": {
          "using-cpes": true
        },
        "dpkg": {
          "using-cpes": false,
          "missing-epoch-strategy": "zero",
          "use-cpes-for-eol": false
        },
        "rpm": {
          "using-cpes": false,
          "missing-epoch-strategy": "auto",
          "use-cpes-for-eol": false
        }
      },
      "fail-on-severity": "",
      "registry": {
        "insecure-skip-tls-verify": false,
        "insecure-use-http": false,
        "ca-cert": ""
      },
      "show-suppressed": false,
      "by-cve": false,
      "SortBy": {
        "sort-by": "risk"
      },
      "name": "",
      "default-image-pull-source": "",
      "from": null,
      "vex-documents": [],
      "vex-add": [],
      "match-upstream-kernel-headers": false,
      "fix-channel": {
        "redhat-eus": {
          "apply": "auto",
          "versions": ">= 8.0"
        }
      },
      "timestamp": false,
      "alerts": {
        "enable-eol-distro-warnings": true
      },
      "db": {
        "cache-dir": ".cache/grype/db",
        "update-url": "https://grype.anchore.io/databases",
        "ca-cert": "",
        "auto-update": true,
        "validate-by-hash-on-start": true,
        "validate-age": true,
        "max-allowed-built-age": 432000000000000,
        "require-update-check": false,
        "update-available-timeout": 30000000000,
        "update-download-timeout": 300000000000,
        "max-update-check-frequency": 7200000000000
      },
      "exp": {},
      "dev": {
        "db": {
          "debug": false
        }
      }
    },
    "db": {
      "status": {
        "schemaVersion": "v6.1.7",
        "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.7_2026-06-15T01:00:00Z_1781511613.tar.zst?checksum=sha256%3A2de47d3561a1ba08d7f9d707458b2a06014c3e630da049c10330590d3b4dda77",
        "built": "2026-06-15T08:20:13Z",
        "path": ".cache/grype/db/6/vulnerability.db",
        "valid": true
      },
      "providers": {
        "alma": {
          "captured": "2026-06-15T01:00:29Z",
          "input": "xxh64:c2524d4906543abf"
        },
        "alpine": {
          "captured": "2026-06-15T01:00:27Z",
          "input": "xxh64:05c185d4936f63a6"
        },
        "amazon": {
          "captured": "2026-06-15T01:00:46Z",
          "input": "xxh64:f8a1f3a0bf2e9cdb"
        },
        "arch": {
          "captured": "2026-06-15T01:00:45Z",
          "input": "xxh64:f82bf430bbdda578"
        },
        "bitnami": {
          "captured": "2026-06-15T01:00:56Z",
          "input": "xxh64:0e37f57810486e7e"
        },
        "chainguard": {
          "captured": "2026-06-15T01:00:01Z",
          "input": "xxh64:8f52022faa11a289"
        },
        "chainguard-libraries": {
          "captured": "2026-06-15T01:00:50Z",
          "input": "xxh64:0f0544792dfb607c"
        },
        "debian": {
          "captured": "2026-06-15T01:00:17Z",
          "input": "xxh64:45fd22104f1994e0"
        },
        "echo": {
          "captured": "2026-06-15T01:00:20Z",
          "input": "xxh64:0f60b6229e015620"
        },
        "eol": {
          "captured": "2026-06-15T01:00:40Z",
          "input": "xxh64:663143e24cc9ed3a"
        },
        "epss": {
          "captured": "2026-06-15T01:00:01Z",
          "input": "xxh64:f08bed6533e31d9f"
        },
        "fedora": {
          "captured": "2026-06-15T01:00:02Z",
          "input": "xxh64:50083eee375d268b"
        },
        "github": {
          "captured": "2026-06-15T01:00:34Z",
          "input": "xxh64:d8e43df6472e9775"
        },
        "govulndb": {
          "captured": "2026-06-15T01:00:54Z",
          "input": "xxh64:ed18880d09559852"
        },
        "hummingbird": {
          "captured": "2026-06-15T01:00:08Z",
          "input": "xxh64:c79535ce487e19bc"
        },
        "kev": {
          "captured": "2026-06-15T01:00:00Z",
          "input": "xxh64:fcc50a2a4efe3f4e"
        },
        "mariner": {
          "captured": "2026-06-15T01:01:14Z",
          "input": "xxh64:ebb284c9e091150a"
        },
        "minimos": {
          "captured": "2026-06-15T01:00:04Z",
          "input": "xxh64:53f1a1a6bd2810b4"
        },
        "nvd": {
          "captured": "2026-06-15T01:01:03Z",
          "input": "xxh64:ae15d44c599ed923"
        },
        "oracle": {
          "captured": "2026-06-15T01:00:34Z",
          "input": "xxh64:9d71d19cd9e0d242"
        },
        "photon": {
          "captured": "2026-06-15T01:00:38Z",
          "input": "xxh64:fb733180b311ecdb"
        },
        "rhel": {
          "captured": "2026-06-15T01:01:36Z",
          "input": "xxh64:4ddbad23d345547b"
        },
        "secureos": {
          "captured": "2026-06-15T01:00:26Z",
          "input": "xxh64:571da7a303df37fa"
        },
        "sles": {
          "captured": "2026-06-15T01:00:41Z",
          "input": "xxh64:c7f6233360752622"
        },
        "ubuntu": {
          "captured": "2026-06-15T01:04:04Z",
          "input": "xxh64:0b342df590e09a71"
        },
        "wolfi": {
          "captured": "2026-06-15T01:00:36Z",
          "input": "xxh64:3cc2ddb98db9d3ca"
        }
      }
    }
  }
}
